Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Muffin
Client



Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sun Dec 26, 2004 9:19 am Reply with quote

lol I didnt think it could be that simple so didnt do it doh!

There was me looking for a complicated solution

Thanks Raven.

Hope my dumbness helps lots of others like me (thats my way of getting out of being a real thicko at this lol)

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
Muffin







PostPosted: Sun Dec 26, 2004 10:24 am Reply with quote

ermm Raven do we need to put

RewriteEngine on (at the beginning)
and

RewriteEngine Off (at the end of the new code?)
 
Viper-
New Member
New Member



Joined: Dec 24, 2004
Posts: 5

PostPosted: Sun Dec 26, 2004 10:35 am Reply with quote

Place RewriteEngine on at the very top of your .htaccess file, I wouldn't worry about RewriteEnging Off, just leave that out altogether.

Also, if it would help you, I can talk to you on one of the IM services and fix your .htaccess file up for you Smile

Viper

_________________
www.PHPNukeFiles.com [ Only registered users can see links on this board! Get registered or login! ] 
View user's profile Send private message Visit poster's website
Muffin







PostPosted: Sun Dec 26, 2004 12:29 pm Reply with quote

Hi Viper

Thanks I'll put that back in then cos I'm getting loads of emails again from Sentinel since I left the rewrite engine bit off the code.

If I get stuck I'll get back to you here, thanks for offering, much appreciated.
 
tango
New Member
New Member



Joined: Dec 26, 2004
Posts: 3

PostPosted: Sun Dec 26, 2004 4:55 pm Reply with quote

Sorry Raven I am little be confused

In the last 3 days my sentinel 2.1.2 blocked about 100 ips for day and I received 300 email like this, buth with different ip Smile

Date & Time: 2004-12-26 23:50:25
Blocked IP: 69.72.230.138
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: lwp-trivial/1.41
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: 69.72.230.138
Remote Port: 36273
Request Method: GET
-------------------------------------------------------


Date & Time: 2004-12-26 23:46:37
Blocked IP: 193.178.158.26
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: LWP::Simple/5.64
Date & Time: 2004-12-26 23:46:37
Blocked IP: 193.178.158.26
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: LWP::Simple/5.64
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none

----------------------------------

I read all topics befor write this message, about the Worm, about the Agent and about the rewrite, but I am little be confused.

I am under attack ? or it is a new agent/spiders not tratted correctly buy Sentinel ?
I read your fix in .Htaccess but I don't have the mod rewrite installed.

Could you explain me How fix this problem in simply words please

Thanks in advance
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Sun Dec 26, 2004 5:15 pm Reply with quote

NukeSentinel traps it, but mod_rewrite is a way to stop it before it ever reaches your site. If your host doesn't offer mod_rewrite then they are ages behind. Seriously, I woul try to change hosts. it's so simple to install.
 
View user's profile Send private message
tango







PostPosted: Sun Dec 26, 2004 5:19 pm Reply with quote

k thanks sorry for my host lol Smile

But is the only whay to stop it ????

Are dangerus hack attack ????
 
Raven







PostPosted: Sun Dec 26, 2004 5:21 pm Reply with quote

NukeSentinel is stopping it, like I said. Yes, it is dangerous but so far, not to worry.
 
tango







PostPosted: Sun Dec 26, 2004 5:43 pm Reply with quote

k thanks a lot !
 
mds
Client



Joined: Dec 24, 2004
Posts: 194
Location: Michigan

PostPosted: Mon Dec 27, 2004 12:05 am Reply with quote

hey dont thank me man i thank you Smile all i did was trying to see if it made a diff ...and it did i copy and pasted your code and moved the options-index to the bottom with a few spaces in between the pasted code and wa la no emails today ,thanks so much for you being here ....i will update to the code posted above ..it seems the user agent has been all the same (LWP) i must of just misread and thought it was diff. on one of several i was checking out...is this what you are referring to as the redirect url ?
Quote:
RewriteRule ^.*$ emailsforyou.php [L]


HAPPY HOLIDAYS

P.s
from this post
Quote:
Posted: Sun Dec 26, 2004 3:17 pm


to this Posted: Mon Dec 27, 2004 4:05 pm i still sit at 633 blocked Cheers Wave

hmm seems i need to change the time in my profile its actually 1:15 am
 
View user's profile Send private message
mds







PostPosted: Mon Dec 27, 2004 12:52 am Reply with quote

never mind the redirect question found the answer in your sticky Embarassed
 
Raven







PostPosted: Mon Dec 27, 2004 5:01 am Reply with quote

Great! I appreciate your support Wink
 
cprompt
Regular
Regular



Joined: Jun 08, 2004
Posts: 64

PostPosted: Mon Dec 27, 2004 7:22 am Reply with quote

I have been hit by two more

Code:
RewriteCond %{REQUEST_URI} ^envidiosos                [NC,OR]


RewriteCond %{REQUEST_URI} ^civa                [NC,OR]


civa.org and envidiosos.org

visualcoders domain has been suspended.
 
View user's profile Send private message
Raven







PostPosted: Mon Dec 27, 2004 7:28 am Reply with quote

Thanks!
 
cprompt







PostPosted: Mon Dec 27, 2004 8:08 pm Reply with quote

Here's another compromised site by LW::Simple
[ Only registered users can see links on this board! Get registered or login! ]
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©