| Author |
Message |
Donovan
Client
Joined: Oct 07, 2003
Posts: 735
Location: Ohio
|
 Posted:
Tue Jun 13, 2006 2:32 pm |
|
Script kiddies are out again. They got my site eto-league.com.
[ Only registered users can see links on this board! Get registered or login! ]
Changes the message and the site name in preferences.
I am running NukeSentinal 2.4.2pl8
I am not running latest 3.2
This is getting insane. |
| |
|
 
 |
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Tue Jun 13, 2006 2:39 pm |
|
any tracks of what they did? |
| |
|
|
|
|
Donovan
|
| Posted:
Tue Jun 13, 2006 3:11 pm |
|
Where would be the best place to look for tracks? |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Jun 13, 2006 3:13 pm |
|
depends if they were actualy on your site..
you could start in cpanel....stats last visitors..
any uploading facilities on that site? |
| |
|
|
|
|
Donovan
|
| Posted:
Tue Jun 13, 2006 3:16 pm |
|
I want to ban all these turkish bums who get off on hacking.
85.97.133.164
85.104.237.212
85.103.58.85
How do I add a range?
d*** I need to RTFM..... |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Tue Jun 13, 2006 3:37 pm |
|
If they spoofed their IP which is likely, your banning blindly.
Check your sever logs, Sentinels tracked IP's, Tracked Users etc. |
| |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Tue Jun 13, 2006 9:52 pm |
|
If its one of the recent modules/Forums/admin/* type hack, it may have still bypassed NS... not sure if all the injections have been covered? (Are we ever sure?  ) Unfortunately, you may only spot via the server logs...
Had you, by chance, implemented either HTTPAuth or CGIAuth protection on this directory per Raven't post here:
[ Only registered users can see links on this board! Get registered or login! ]
You can PM me the answer if you would rather. The attacks are continueing, so the more info we can pass along to Bob and team the better. Thanks. |
_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Thu Jun 29, 2006 5:07 pm |
|
They hacked another site and the admin found different files e.g. for an IRC botnet(http://www.egghelp.org/whatis.htm) in modules/4nAlbum and /temp. It seems they search for this module and the forums too. The "Turk Fascist" Hacker group can be found here:
Team Leader: d3ngsz
Msn: [ Only registered users can see links on this board! Get registered or login! ]
Site URL: [ Only registered users can see links on this board! Get registered or login! ]
[ Only registered users can see links on this board! Get registered or login! ]
Btw: I would not visit that site. |
| |
|
|
|
|
azakow
New Member
Joined: Jun 11, 2006
Posts: 18
Location: Germany
|
| Posted:
Fri Jun 30, 2006 2:30 am |
|
They (hackers) even answer on victim post in german CMS forums. 
I have been hacked by them. I was using 7.7 PL 3.2 no Sentinel.
Now I use Ravens Dist, Sentinel 2.4.2pl9.
Since then they have visited my site from different locations, i.e. Turkey, Portugal, ... .
Up to now everything seems OK.
Thanks to effort of you guys  |
| |
|
|
|
|
Susann
|
| Posted:
Fri Jun 30, 2006 2:55 am |
|
I know that he replied. They can cause a very large damage. If you donĀ“t have turkish users ban Turkey with cidr via htaccess completely.
[ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
