50+ blocked ip's an hr?

New Member Joined: Feb 28, 2005 Posts: 3

i've been getting a lot of blocked ips for the last week or so and they look something like this

Query String: [ Only registered users can see links on this board! Get registered or login! ]

Query String: [ Only registered users can see links on this board! Get registered or login! ]

anything be done or just let NS do its thing?

Posted: Tue Dec 04, 2007 1:13 pm

pretty common, I've been getting the same ones... most of them look like fairly simple, easily foiled cross-site scripting attacks so I wouldnt lose to much sleep over it. The IP's are all over the board so they are probably using a proxy so not sure there a whole lot you can do, but I'm no NS expert either...

the chat.ru domain has alot of incoming ones lately... i assume it's a free hosting service but I can't read russian, so.....

Posted: Tue Dec 04, 2007 8:12 pm

HHhhhmmmmm... i had added @mail.ru to my NS string blocker about a year back and now it looks like I need to add chat.ru....

Worker Joined: Aug 26, 2007 Posts: 236

I have added modrewrite statements in my .htaccess and I don't get these bans in Sentinel although I have the latest version. I presently use this in my .htaccess:

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^libwww(-FM|-perl) [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond % _CONF [OR]
RewriteCond % tool25 [OR]
RewriteCond % cmd.txt [OR]
RewriteCond % r57shell [OR]
RewriteCond % c99 [OR]
RewriteCond % THEME_DIR
RewriteRule ^.* - [F,L]

RewriteCond %{QUERY_STRING} .*http:\/\/.*
Rewriterule ^.* - [F]

Posted: Tue Dec 04, 2007 10:52 pm

hmm looks interesting Smile

I'll give it a try and see how it works for me Smile

Posted: Wed Dec 05, 2007 5:11 am

slackervaara, that is all you have in yours? Wink

I swear that my .htaccess is larger than my largest PHP script. killing me