| Author |
Message |
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
 Posted:
Sun Dec 26, 2004 9:19 am |
 
|
lol I didnt think it could be that simple so didnt do it doh!
There was me looking for a complicated solution
Thanks Raven.
Hope my dumbness helps lots of others like me (thats my way of getting out of being a real thicko at this lol) |
|
|
|
|
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
| Posted:
Sun Dec 26, 2004 10:24 am |
|
ermm Raven do we need to put
RewriteEngine on (at the beginning)
and
RewriteEngine Off (at the end of the new code?) |
|
|
|
|
|
Viper-
New Member
Joined: Dec 24, 2004
Posts: 5
|
| Posted:
Sun Dec 26, 2004 10:35 am |
|
Place RewriteEngine on at the very top of your .htaccess file, I wouldn't worry about RewriteEnging Off, just leave that out altogether.
Also, if it would help you, I can talk to you on one of the IM services and fix your .htaccess file up for you 
Viper |
|
|
|
|
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
| Posted:
Sun Dec 26, 2004 12:29 pm |
|
Hi Viper
Thanks I'll put that back in then cos I'm getting loads of emails again from Sentinel since I left the rewrite engine bit off the code.
If I get stuck I'll get back to you here, thanks for offering, much appreciated. |
|
|
|
|
|
tango
New Member
Joined: Dec 26, 2004
Posts: 3
|
| Posted:
Sun Dec 26, 2004 4:55 pm |
|
Sorry Raven I am little be confused
In the last 3 days my sentinel 2.1.2 blocked about 100 ips for day and I received 300 email like this, buth with different ip
Date & Time: 2004-12-26 23:50:25
Blocked IP: 69.72.230.138
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: lwp-trivial/1.41
Query String:
Forwarded For: none
Client IP: none
Remote Address: 69.72.230.138
Remote Port: 36273
Request Method: GET
-------------------------------------------------------
Date & Time: 2004-12-26 23:46:37
Blocked IP: 193.178.158.26
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: LWP::Simple/5.64
Date & Time: 2004-12-26 23:46:37
Blocked IP: 193.178.158.26
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: LWP::Simple/5.64
Query String:
Forwarded For: none
----------------------------------
I read all topics befor write this message, about the Worm, about the Agent and about the rewrite, but I am little be confused.
I am under attack ? or it is a new agent/spiders not tratted correctly buy Sentinel ?
I read your fix in .Htaccess but I don't have the mod rewrite installed.
Could you explain me How fix this problem in simply words please
Thanks in advance |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16986
Location: Kansas
|
| Posted:
Sun Dec 26, 2004 5:15 pm |
|
NukeSentinel traps it, but mod_rewrite is a way to stop it before it ever reaches your site. If your host doesn't offer mod_rewrite then they are ages behind. Seriously, I woul try to change hosts. it's so simple to install. |
|
|
 
|
|
tango
New Member
Joined: Dec 26, 2004
Posts: 3
|
| Posted:
Sun Dec 26, 2004 5:19 pm |
|
k thanks sorry for my host lol
But is the only whay to stop it ????
Are dangerus hack attack ???? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16986
Location: Kansas
|
| Posted:
Sun Dec 26, 2004 5:21 pm |
|
NukeSentinel is stopping it, like I said. Yes, it is dangerous but so far, not to worry. |
|
|
|
|
|
tango
New Member
Joined: Dec 26, 2004
Posts: 3
|
| Posted:
Sun Dec 26, 2004 5:43 pm |
|
|
|
|
|
mds
Client
Joined: Dec 24, 2004
Posts: 194
Location: Michigan
|
| Posted:
Mon Dec 27, 2004 12:05 am |
|
hey dont thank me man i thank you all i did was trying to see if it made a diff ...and it did i copy and pasted your code and moved the options-index to the bottom with a few spaces in between the pasted code and wa la no emails today ,thanks so much for you being here ....i will update to the code posted above ..it seems the user agent has been all the same (LWP) i must of just misread and thought it was diff. on one of several i was checking out...is this what you are referring to as the redirect url ? | Quote: | | RewriteRule ^.*$ emailsforyou.php [L] |
HAPPY HOLIDAYS
P.s
from this post | Quote: | | Posted: Sun Dec 26, 2004 3:17 pm |
to this Posted: Mon Dec 27, 2004 4:05 pm i still sit at 633 blocked  
hmm seems i need to change the time in my profile its actually 1:15 am |
|
|
|
|
|
mds
Client
Joined: Dec 24, 2004
Posts: 194
Location: Michigan
|
| Posted:
Mon Dec 27, 2004 12:52 am |
|
never mind the redirect question found the answer in your sticky  |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16986
Location: Kansas
|
| Posted:
Mon Dec 27, 2004 5:01 am |
|
Great! I appreciate your support  |
|
|
|
|
|
cprompt
Regular
Joined: Jun 08, 2004
Posts: 64
|
| Posted:
Mon Dec 27, 2004 7:22 am |
|
I have been hit by two more
| Code: | RewriteCond %{REQUEST_URI} ^envidiosos [NC,OR]
RewriteCond %{REQUEST_URI} ^civa [NC,OR] |
civa.org and envidiosos.org
visualcoders domain has been suspended. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16986
Location: Kansas
|
| Posted:
Mon Dec 27, 2004 7:28 am |
|
|
|
|
|
cprompt
Regular
Joined: Jun 08, 2004
Posts: 64
|
| Posted:
Mon Dec 27, 2004 8:08 pm |
|
Here's another compromised site by LW::Simple
|
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
