Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
jbroth
New Member
New Member


Joined: Dec 29, 2007
Posts: 2

PostPosted: Sat Jan 19, 2008 5:46 am Reply with quote

I switched to Raven about a month ago and immediately started seeing the blocked IPs coming in. I clipped the link sent to me in the abuse email and took a look at the scripts that were being used but can't make heads or tails as to what they are for or do?

I'm not a php guru by any means anyway but I was just curious what they did.

JB
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sat Jan 19, 2008 7:58 am Reply with quote

Some do nothing, but most are designed to either collect information about your site or add and alter files on your site. An approach is to try to run PHP code as if it were local, which gives the script more access than scripts running on other sites.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
jbroth
PostPosted: Sat Jan 19, 2008 8:40 am Reply with quote

Wow, I've got over 550 blocked IPs since I've switched.

That's alot of attempts AFTER I switched. Wonder what they were doing BEFORE I switched?

JB
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Jan 19, 2008 9:41 pm Reply with quote

Probably wasn't hitting anything as long as your site was properly patched. But good that Sentinel sends an alert anyway

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Sun Jan 20, 2008 2:19 am Reply with quote

I avoid that all hacking robots activates Sentinel by stopping them by the .htaccess file:

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^libwww(-FM|-perl) [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library
RewriteRule ^.* - [F,L]

RewriteCond %{QUERY_STRING} .*http:\/\/.* [OR]
RewriteCond %{QUERY_STRING} .*http%3A%2F%2F.*
Rewriterule ^.* - [F]
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun Jan 20, 2008 7:10 am Reply with quote

jbroth
Check this:
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
JBR
New Member
New Member


Joined: Apr 14, 2004
Posts: 7

PostPosted: Fri Feb 15, 2008 8:09 pm Reply with quote

Susann,

That's depressing to see all those.

JB

ps, I have no idea how I ended up with two memberships on this forum Blonde Moment

Sorry about that, I'll stick with my new one though Smile

Promise. . .
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©