Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
utssace
Worker
Worker


Joined: Feb 18, 2006
Posts: 155
Location: Virginia

PostPosted: Wed Oct 24, 2007 6:02 am Reply with quote

The last 3 days, I have had the same string attacks (about 15 a day) from
random ips. Sentinel keeps blocking them. My site keeps going down
and my host thinks they server is going down because of attacks being
launched from my site.

Since the attacks are coming from different ip's, I don't know how to stop
them. Here is a snippett from nukesentinel:

Code:
Reason: Abuse-Filter

--------------------
User Agent: Wget/1.1 (compatible; i486; Linux; RedHat7.3)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Wed Oct 24, 2007 7:24 am Reply with quote

It appears that your site is being attacked and that Sentinel is blocking the attacks. What evidence does your host have that actual attacks are being launched from your site? You can block the string "amyru" but if the attacker is using proxies he will still get as far as Sentinel before his IP is blocked, then he'll use another IP. Nothing you can do about that.

Just make sure that no "foreign" files have been planted on your site.
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed Oct 24, 2007 7:34 am Reply with quote

utssace, if the User Agent for these attacks is always Wget, do a search here in the forums for how you can use .htaccess to stop these requests from ever getting to nuke (it will save you a TON on SQL calls).

Look for "libwww" in your search and you should find something I think.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
utssace
PostPosted: Wed Oct 24, 2007 3:51 pm Reply with quote

Thanks for the help. I'll check out the htaccess block idea.

The host has to keep restarting the server after about an hour, it shuts
down again. Probably a security mechanism in the server. Too many logs
to narrow down. Host will be reinstalling OS and everything on the server.
 
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Wed Oct 24, 2007 7:40 pm Reply with quote

I have looked in my logs and I get similar attacks on my site, but I block them in .htaccess by this:

RewriteEngine on

RewriteCond %{QUERY_STRING} .*http:\/\/.*
Rewriterule ^.* - [F]
 
View user's profile Send private message
montego
PostPosted: Wed Oct 24, 2007 7:49 pm Reply with quote

slackervaara, That is definitely another way, but just keep in mind that some scripts will embed Only registered users can see links on this board! Get registered or login! type addresses in them so if you run into any issues you might have to back this off some.

For example, different versions of nuke and add-ons will allow you to look up referrers or check downloads, etc. using these methods. I believe even Gallery at one point (may still do) uses this for some of its functions.

It will work. Just cautioning others too who read this thread.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©