Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

admin_prune attack?
 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x
Author Message
Doulos
Life Cycles Becoming CPU Cycles



Joined: Jun 06, 2005
Posts: 732
PostPosted: Sun Jun 24, 2007 2:40 pm Reply with quote
We have just recently begun getting IP's blocked (6-8/day). The query is usually one attempting to access admin_prune.php with this added at the end.
Quote:
phpbb_root_path=http://www.apnic.net/index.html??

The root path is different in several of these. Others include:

flopa.addr. com/evilx
geocities. com with alot of other stuff on the end
bandwith.netfast. org/id.txt?

Are these actually attempts to prune our forums like they appear?

Also, several trying to post to the forums, either anonymously or with fake usernames - attempting to post links to porn sites, or other products.
We apparently have gotten on someones list, because this site has been up for 2 years and we have just begun to get this stuff.
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
PostPosted: Sun Jun 24, 2007 7:46 pm Reply with quote
This is an old exploit used to do whatever damage it can. This particular exploit is capable of doing anything that their script has been designed to make it do, insert New posts, delete entire forum, put something on the face, whatever they can make it do.

Good news is that if your Sentinel and nuke is patched to the latest security patch, then your site is quite safe from this exploit.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Sun Jun 24, 2007 8:53 pm Reply with quote
Likely you've just been indexed by Google.. that's all they use to find your site and sent these attacks. You can stop many of them by blocking libwww-perl using .htaccess

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
Doulos
PostPosted: Mon Jun 25, 2007 6:59 am Reply with quote
Evaders99, how do I do that exactly?
 
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
PostPosted: Mon Jun 25, 2007 10:38 am Reply with quote
Try searching the forums, as it's been discussed before. Wink
 
View user's profile Send private message
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©