Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x
dconnor
New Member



Joined: Apr 17, 2006
Posts: 19

Posted: Tue Feb 06, 2007 9:38 pm

Hi Everyone:

I own a rather large and popular forum and get about 20 attacks a day.

The rarest and most important one to me is always a script attack.

I must say, NukeSentinel is great. I would not have a site right now without it.

However, today I installed a Google site search block. I had it coded to return the results onsite, a new feature from Google by using an iframe on the results page.

But within minutes, I received a script attack from it, here is the string:
(I removed the user's IP from the string:)

Code:
Date & Time: 2007-02-06 13:40:59 EST GMT -0500
Blocked IP: REMOVED
User ID: Anonymous (1)

Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; InfoPath.1)
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ] is not receiving calls\" &sitesearch=vonage-forum.com&sa=Google Search&client=pub-9384837557811734&forid=1&channel=4538040223&ie=ISO-8859-1&oe=ISO-8859-1&flav=0001&sig=83V_cJGVnc5JtshI&cof=GALT:#008000;GL:1;DIV:#336699;VLC:663399;AH:center;BGC:FFFFFF;LBGC:336699;ALC:0000FF;LC:0000FF;T:000000;GFNT:0000FF;GIMP:0000FF;FORID:11&hl=en
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: REMOVED
Remote Port: 37866
Request Method: GET


Any ideas what is causing this?

Thank you,

Dan


Last edited by dconnor on Tue Feb 06, 2007 10:52 pm; edited 1 time in total 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

Posted: Tue Feb 06, 2007 10:31 pm

Perhaps there's a way to pass variables using POST instead of GET? That may allow it to pass through the Sentinel filters

dconnor







Posted: Tue Feb 06, 2007 10:43 pm

evaders99 wrote:
Perhaps there's a way to pass variables using POST instead of GET? That may allow it to pass through the Sentinel filters


Thank you, my old friend :)

We are looking into it right now, I will post you an update.

BTW, the track referer and track agent is wonderful!

Dan
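
One way to narrow down which parameter of a logged Get String makes a request filter fire, as an added example that is not part of the original thread and not NukeSentinel's code. The patterns in `$candidatePatterns` are hypothetical stand-ins rather than NukeSentinel's rules, and `$logged` is a constructed sample modelled on the visible tail of the log above (the search phrase in `q` is invented).

```php
<?php
// Added example: report which GET parameter matches which candidate pattern.
// $candidatePatterns are hypothetical stand-ins, NOT NukeSentinel's rules.
$candidatePatterns = [
    'double quote'   => '/"/',
    'html tag'       => '/<[^>]+>/',
    'script keyword' => '/\bscript\b/i',
    'parenthesised'  => '/\([^)]*\)/',
];

// Constructed sample modelled on the visible tail of the logged Get String;
// the phrase in q is invented for illustration.
$logged = 'q=\"phone is not receiving calls\"&sitesearch=vonage-forum.com'
        . '&sa=Google Search&forid=1&ie=ISO-8859-1&oe=ISO-8859-1'
        . '&cof=GALT:#008000;GL:1;DIV:#336699;FORID:11&hl=en';

/**
 * Split a raw query string into parameters and test each value against
 * every pattern. Returns [parameter name => [labels of matching patterns]].
 */
function triageGetString(string $raw, array $patterns): array
{
    $hits = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue;
        }
        // Split on the first "=" only; values may contain "=" themselves.
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        // PHP hands filters URL-decoded values, and the log shows quotes
        // as \" , so decode and strip the backslashes before matching.
        $value = stripslashes(urldecode($value));
        foreach ($patterns as $label => $regex) {
            if (preg_match($regex, $value) === 1) {
                $hits[trim($name)][] = $label;
            }
        }
    }
    return $hits;
}

foreach (triageGetString($logged, $candidatePatterns) as $param => $labels) {
    printf("%-12s matched: %s\n", $param, implode(', ', $labels));
}
```

Swapping in the patterns your filter actually uses and the full logged string shows whether the block came from the visitor's search phrase or from the fixed parameters the search form adds.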
 
All times are GMT - 6 Hours
 