Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
the-legend
New Member
New Member



Joined: Nov 08, 2007
Posts: 18

PostPosted: Thu Feb 25, 2010 2:40 am Reply with quote

Hello. Every now and then guests from many countries come to my site and I wonder why they aint registered. So I go through nuke sentinel and search the tracked IP's and see this:
Code:
http://www.the-palace-of-friends.com/forum/modules.php?name=Your_Account&__csrf_magic=sid:4c039c586f5796e84eddc083dcc0a603b6d7ca82,1266852105&gfx_check=cT4sxxzi&random_num=&ya_username=Ensusywousa&ya_realname=Ensusywousa&ya_user_email=theblast1@hyipt.com&op=new_finish&submit=Finish
All the guests seem to use this (and the email near the end is different) to try and do something to my site. Does anyone know what they are trying to do. I will be blocking these IP's soon so would like more info on what that is I see when im looking at where they are going on my site and what there trying to do. Thanks alot.
 
View user's profile Send private message
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Thu Feb 25, 2010 3:03 am Reply with quote

They are trying to exploit an old vulnerability in BBtoNuke that allowed users to bypass the registration activation. In this case, apart from the fact we fixed it, they have the url string completely wrong any way Smile
 
View user's profile Send private message Send e-mail
the-legend







PostPosted: Thu Feb 25, 2010 3:18 am Reply with quote

Thanks for quick reply. Im glad they cant do anything. Now for the happy time of banning a few IP's. Very Happy RavensScripts
 
the-legend







PostPosted: Tue Mar 02, 2010 12:57 am Reply with quote

Hello. I dont know why people go through the hassle of trying to hack sites its getting to be a pain in the ass. I have an arcade module loaded on ravennuke and on the score pages ads are appearing.
Image
Image
I have recieved emails from nuke sentinel saying that some ip addreses have been blocked. I am still going through the nuke sentinel and seeing different things that normal members wouldnt be doing. Like the first links they have been trying to use to get past the registration i have seen links that show cookies in a page. I dont know what they are trying to do but to stop them totally would be great. If i knew what ip addresses for all the countries are i would ban their range and see if that stops them.
 
Guardian2003







PostPosted: Tue Mar 02, 2010 1:54 am Reply with quote

As registration is required to access the Arcade I cannot even see where the ads are appearing in the source but it is looking like the Arcade MOD has a problem.
Nuke Sentinel (tm) is a great tool but it won't stop latent vulnerabilities in third party code. You might want to dowload you sites files and use a file comparison tool to compare your current file set against a back set to see if any mystery files have been uploaded.
If that doesn't yield anything and the server logs don't reveal anything, you'll need to manually check all the Arcade mod data in the database to make sure no harmful code has been allowed to enter the database through bad input filtering.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©