Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in What are these exactly??? What r they trying to do? View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm) v2.5.x Author Message rugbyleaguer Hangin' Around Joined: Dec 17, 2007 Posts: 29 Posted: Thu Jan 24, 2008 3:32 pm Get a few of these on site and wondered what they were trying to do to the site??? Date &amp; Time: 2008-01-24 18:09:58 UTC GMT +0000 Blocked IP: 80.67.27.* User ID: Anonymous (1) Reason: Abuse-Filter -------------------- User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) Query String: Only registered users can see links on this board! Get registered or login to the forums! Get String: Only registered users can see links on this board! Get registered or login to the forums! Post String: Only registered users can see links on this board! Get registered or login to the forums! Forwarded For: none Client IP: none Remote Address: 80.67.27.39 Remote Port: 32913 Request Method: GET -------------------- Who-Is for IP warren-the-ape Worker Joined: Nov 19, 2007 Posts: 196 Location: Netherlands Posted: Thu Jan 24, 2008 4:08 pm See: Only registered users can see links on this board! Get registered or login to the forums! Especially the reply from Montego; (I had the same questions as well ) montego wrote: They are absolutely NOT "innocent". Anything which attacks phpbb_root_path is far from innocent and I will not go into the explanation of why. phpBB has since plugged this particular hole (yes, RN has that "plug"), so these are old exploits. Just remember too that just because a file has .txt as an extension does not mean that is truly what the nature of the file is. It could even be PHP script or a binary etc. To answer your question, it is very possible that those sites were hacked and now being used to try and attack others. rugbyleaguer Hangin' Around Joined: Dec 17, 2007 Posts: 29 Posted: Thu Jan 24, 2008 4:13 pm So where exactly are they inputting these scripts???? warren-the-ape Worker Joined: Nov 19, 2007 Posts: 196 Location: Netherlands Posted: Thu Jan 24, 2008 4:17 pm They are trying to run those queries on your site, like you can see in the strings from your topicstart. I guess that most of them are automated and are just being send to your website from another server, but please read the other topic cause a lot of it is explained over there Gremmie Former Moderator in Good Standing Joined: Apr 06, 2006 Posts: 2415 Location: Iowa, USA Posted: Thu Jan 24, 2008 7:39 pm This is called a cross site scripting attack. They are trying to trick your PHP code to run a (bad) script on a remote server. rugbyleaguer Hangin' Around Joined: Dec 17, 2007 Posts: 29 Posted: Fri Jan 25, 2008 12:46 pm Where is it likely they are inputting these scripts, that is to say I had one hacker from Turkey once chat to me and tell me how he had hacked my site by typing some script into the search topic input field then he manage to retrieve the username and the hash (MD5) of my password which he pasted into a MD5 hash cracking website waited a few days then it told him my admin password. If I know where they are inputting the stuff I can remove it so that they can only do that when they are a registered/verified member. evaders99 Former Moderator in Good Standing Joined: Apr 30, 2004 Posts: 3221 Posted: Fri Jan 25, 2008 2:45 pm Search module is a previous known exploit. RavenNuke should have it patched already. If they are still hacking your site and succeeding, please let us know rugbyleaguer Hangin' Around Joined: Dec 17, 2007 Posts: 29 Posted: Sat Jan 26, 2008 3:30 am Well thank god it seems to be blocking em each time but is a tad worrying to think its getting attacked on a regular basis. slackervaara Worker Joined: Aug 26, 2007 Posts: 234 Posted: Sat Jan 26, 2008 4:25 am rugbyleaguer wrote: Where is it likely they are inputting these scripts, that is to say I had one hacker from Turkey once chat to me and tell me how he had hacked my site by typing some script into the search topic input field then he manage to retrieve the username and the hash (MD5) of my password which he pasted into a MD5 hash cracking website waited a few days then it told him my admin password. If I know where they are inputting the stuff I can remove it so that they can only do that when they are a registered/verified member. On my site I have added in .htaccess, so only my ip-address can access admin.php. They have no use then of the admin password. <Files "admin.php"> Order allow,deny Allow from xxx.xx.x.xx </Files> xxx.xx.x.xx is my ip-address Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm) v2.5.x  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------RavenNuke / Raven CMS CMS WikiSecurity IssuesConverting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General DiscussionCertification - Submit Scripts For RavenNuke(tm) CertificationCertification - Modules, Blocks, Other Scripts/Applications Converted For RavenNuke(tm)Certification - All Discussion RavenNuke(tm) v2.5x----------------RavenNuke(tm) v2.5x RavenNuke(tm) v2.4x----------------v2.4 RN Announcementsv2.4 RN Documentationv2.4 RN Issues RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestionsv2.30.01 RN Security Issuesv2.30.01 RN New Installation Issuesv2.30.01 RN Upgrade Issuesv2.30.01 RN All Other Issues RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePieeCommerce Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroRaven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroPublic Testing of RavenNuke(tm) v2.10.00HtAccesserIssues/Problems With This Site Security----------------NukeSentinel(tm) Country and IP2Country UpdatesSecurity - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsPHP-Nuke Patched Series By Chatserv Information About Forums----------------PHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsDesign Discussions Scripts - General----------------Bug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountBrowser Specific IssuesUpgrading NukeNuke Treasury NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepositoryNSN NukeProject Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Private----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
:: :: ::

zerosum