Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
STALKERllllllD
New Member
New Member


Joined: Feb 28, 2005
Posts: 3

PostPosted: Tue Dec 04, 2007 11:04 am Reply with quote

i've been getting a lot of blocked ips for the last week or so and they look something like this

Query String: Only registered users can see links on this board! Get registered or login!

Query String: Only registered users can see links on this board! Get registered or login!

anything be done or just let NS do its thing?
 
View user's profile Send private message
spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Tue Dec 04, 2007 1:13 pm Reply with quote

pretty common, I've been getting the same ones... most of them look like fairly simple, easily foiled cross-site scripting attacks so I wouldnt lose to much sleep over it. The IP's are all over the board so they are probably using a proxy so not sure there a whole lot you can do, but I'm no NS expert either...

the chat.ru domain has alot of incoming ones lately... i assume it's a free hosting service but I can't read russian, so.....
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Tue Dec 04, 2007 8:12 pm Reply with quote

HHhhhmmmmm... i had added @mail.ru to my NS string blocker about a year back and now it looks like I need to add chat.ru....

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Tue Dec 04, 2007 9:53 pm Reply with quote

I have added modrewrite statements in my .htaccess and I don't get these bans in Sentinel although I have the latest version. I presently use this in my .htaccess:

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^libwww(-FM|-perl) [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond % _CONF [OR]
RewriteCond % tool25 [OR]
RewriteCond % cmd.txt [OR]
RewriteCond % r57shell [OR]
RewriteCond % c99 [OR]
RewriteCond % THEME_DIR
RewriteRule ^.* - [F,L]

RewriteCond %{QUERY_STRING} .*http:\/\/.*
Rewriterule ^.* - [F]
 
View user's profile Send private message
spasticdonkey
PostPosted: Tue Dec 04, 2007 10:52 pm Reply with quote

hmm looks interesting Smile
I'll give it a try and see how it works for me Smile
 
montego
PostPosted: Wed Dec 05, 2007 5:11 am Reply with quote

slackervaara, that is all you have in yours? Wink I swear that my .htaccess is larger than my largest PHP script. killing me
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©