Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
TheosEleos
Life Cycles Becoming CPU Cycles


Joined: Sep 18, 2003
Posts: 960
Location: Missouri

PostPosted: Sat Aug 28, 2004 4:10 pm Reply with quote

This IP has over 800 hits in the last 4 days.

It doesn't resolve to anything, that I can find. Using the who-is-where I can see this person is getting to stuff that only someone who is registered should be able to get to.

For example. You gotta be registered to be on a reply page but according to ip_tracking he is on this page. As well as the module private messages.
Anyway, I was thinking maybe this is a bot or something. Any ideas? When he is on the site it is for hours at a time.

Here is the ip.

212.27.41.37

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sat Aug 28, 2004 5:13 pm Reply with quote

It's Amsterdam NL by checking with Sam Spade. It's a bit suss isn't it.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
GeekyGuy
Client


Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

PostPosted: Sat Aug 28, 2004 5:15 pm Reply with quote

TheosEleos,
I get the same IP on my site a lot.

Here is the page I use to find info on an IP address:
Only registered users can see links on this board! Get registered or login!

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger ICQ Number
TheosEleos
PostPosted: Sat Aug 28, 2004 5:54 pm Reply with quote

I get one that resolves to Microsoft. I figure that is a msn bot or something. I don't understand how he gets to those restricted pages.
 
TheosEleos
PostPosted: Sat Aug 28, 2004 5:56 pm Reply with quote

If you get the ip on your site a lot then it is probably just a bot. If he does anything evil I'm sure Sentinel will give him a good spanking.

Thanks for the link.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Aug 28, 2004 5:57 pm Reply with quote

Just because it attempts doesn't mean it sees anything Wink
 
View user's profile Send private message
TheosEleos
PostPosted: Sat Aug 28, 2004 6:00 pm Reply with quote

Ah, I didn't know that ip_tracker logged attempts as well.
 
Raven
PostPosted: Sat Aug 28, 2004 6:04 pm Reply with quote

I don't know that either as I don't use it. But, that would be my guess.
 
Nukeum66
Life Cycles Becoming CPU Cycles


Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA

PostPosted: Sat Aug 28, 2004 6:42 pm Reply with quote

ip_tracker logs every link followed by any visitor, be it human or bot. If you don't like the bots visiting certain directories try editing your robot.txt

Robots.txt Tutorial Only registered users can see links on this board! Get registered or login!

_________________
Scott Johnson MIS Ubuntu/Linux 11.10 
View user's profile Send private message Visit poster's website
TheosEleos
PostPosted: Sun Aug 29, 2004 5:47 pm Reply with quote

I opened my robots.txt and found this.

Disallow: /modules/

Isn't this blocking access to any and all modules?
 
Nukeum66
PostPosted: Sun Aug 29, 2004 7:09 pm Reply with quote

It should. Unless the bot is just ignoring it, if that the case block that bots with Sentinel
 
TheosEleos
PostPosted: Sun Aug 29, 2004 7:20 pm Reply with quote

Well, I don't want my forums and news and such being blocked. I wonder if since I have google tap running the rules change?
 
Nukeum66
PostPosted: Sun Aug 29, 2004 7:46 pm Reply with quote

Check the user-agent see if it's listed as a Bad Bot (google search)
 
TheosEleos
PostPosted: Sun Aug 29, 2004 8:50 pm Reply with quote

I must be a moron. I can't find what the user-agent is of these two ips.

I used that dnsstuff site and did a whois.
 
Raven
PostPosted: Sun Aug 29, 2004 9:28 pm Reply with quote

The user-agent is from the person's browser, not any dns info Wink
 
TheosEleos
PostPosted: Sun Aug 29, 2004 9:29 pm Reply with quote

How do I find that information. (am I digging a hole to big to get out of?) Laughing
 
Raven
PostPosted: Sun Aug 29, 2004 10:19 pm Reply with quote

If you didn't capture it when he visited your site you missed it.
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:23 pm Reply with quote

How do you get it when he is at the site?
 
Nukeum66
PostPosted: Sun Aug 29, 2004 10:32 pm Reply with quote

Look up the IP address in your Access Logs.... Wink
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:34 pm Reply with quote

You guys are just teasing me arent you? Or am I sleep deprived? I can use ip tracker to get any ip I want. Once I have the ip how do I get the user-agent?
 
Raven
PostPosted: Sun Aug 29, 2004 10:36 pm Reply with quote

I'm telling you that you have to trap it at the same time as it is browser specific, not IP specific. Your application that traps the IP has to trap it.
 
Nukeum66
PostPosted: Sun Aug 29, 2004 10:37 pm Reply with quote

It will look something like this

Quote:
xx.xx.51.210 - - [10/May/2004:00:42:47 -0700] "GET /robots.txt HTTP/1.1" 200 3636 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MSIECrawler)"
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:39 pm Reply with quote

So user-agent is just what application someone uses to browse the internet.

And user-agent in robots.txt is some code written into the robot that says what it's agent is.
 
Nukeum66
PostPosted: Sun Aug 29, 2004 10:39 pm Reply with quote

ACCESS LOGS PLEASE!!! LOL!!
 
Raven
PostPosted: Sun Aug 29, 2004 10:42 pm Reply with quote

Yes and Yes and Yes to access logs, maybe. Can't remember if I track that.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©