Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
ozbutcher
Worker
Worker


Joined: Jan 17, 2007
Posts: 170

PostPosted: Mon May 07, 2007 6:29 am Reply with quote

So far I've gotten about 10 emails (within the last 60 minutes). all of them seems to have the same link but different ip addresses. here is one of the messages I got:

Code:
Date & Time: 2007-05-07 12:21:09 UTC GMT +0000

Blocked IP: 195.210.43.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: libwww-perl/5.79
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 195.210.43.214
Remote Port: 59546
Request Method: GET
--------------------
Who-Is for IP
195.210.43.214 


does anyone know whats going on Sad I'm seriously considering removing myself from the email list cause I'm getting a lot of these messages daily.
 
View user's profile Send private message
ozbutcher
PostPosted: Mon May 07, 2007 6:40 am Reply with quote

another one again just now Sad

Code:
Date & Time: 2007-05-07 12:36:18 UTC GMT +0000

Blocked IP: 203.121.175.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: libwww-perl/5.805
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 203.121.175.179
Remote Port: 48051
Request Method: GET
--------------------
Who-Is for IP
203.121.175.179 
 
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Mon May 07, 2007 7:00 am Reply with quote

libwww-perl/ I used this for search and there is numerous posts on this subject that should help you out..... Smile
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
ozbutcher
PostPosted: Mon May 07, 2007 8:43 am Reply with quote

ah there are so many posts! I do not know which is the right one for me Sad

I found one where raven says we need to put a .htaccess and .staccess into the \modules\forums\admin directory.

my question about that is... can point the .htaccess to the .staccess that nuke sentinel makes for my super admins? that way I don't have to keep updating the .staccess?

or am I looking at the wrong fix?
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Mon May 07, 2007 8:55 am Reply with quote

you have to follow the fix raven posted....
and just update admins ...where needed....
 
View user's profile Send private message
wiz
Involved
Involved


Joined: Oct 09, 2006
Posts: 413
Location: UK

PostPosted: Wed May 09, 2007 7:13 am Reply with quote

You are not alone, ive had over 50 attacks over the last couple of days from exactly the same script path. Senti is blocking, which is good. But you could just turn the email function off for the filter blocking.

Any chance of a link to that fix topic? Please
 
View user's profile Send private message Visit poster's website AIM Address
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed May 09, 2007 11:37 pm Reply with quote

Save yourself the headache, block "libwww-perl" user agents completely from your site using .htaccess

Bots use the libwww perl functions in order to spread themselves and take over sites. You are better safe to deny them access completely.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Thu May 10, 2007 5:57 am Reply with quote

It has been documented before, but here is an example of what evaders is talking about:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [R,L]

This requires that mod_rewrite is working on your installation (many threads on this subject).

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©