Author |
Message |
blith
Client
Joined: Jul 18, 2003
Posts: 977
|
Posted:
Tue Jul 29, 2008 7:29 am |
|
Please tell me if this is bad?
Code:Date & Time: 2008-07-28 02:26:42 CDT GMT -0500 Blocked IP: 87.118.70.5 User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.2b) Gecko/20021001 Phoenix/0.2 Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ] Result: registered (registering only mode is ON); Post String: [ Only registered users can see links on this board! Get registered or login! ] Forwarded For: none Client IP: none Remote Address: 87.118.70.5 Remote Port: 4991 Request Method: GET
--------------------
Who-Is for IP
|
|
|
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
Posted:
Tue Jul 29, 2008 11:12 am |
|
Someone is running what looks like a malfunctioning probe/attack script against you. I get these all the time. |
_________________ GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module |
|
|
|
blith
|
Posted:
Tue Jul 29, 2008 12:19 pm |
|
Gremmie wrote: | Someone is running what looks like a malfunctioning probe/attack script against you. I get these all the time. |
Thank you. It is nice that Sentinel caught it! My question is I do not have script blocking writing to htaccess like all the others. Should I be instantly and permabanning Abuse-Script? |
|
|
|
|
blith
|
Posted:
Tue Jul 29, 2008 3:49 pm |
|
Well, now I am kind of confused. After looking at this it almost seems as if people are trying to register. I just received another one:
Code:User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ] Result: registered (registering only mode is ON); Post String: [ Only registered users can see links on this board! Get registered or login! ] Forwarded For: none Client IP: none Remote Address: 12.201.65.188 Remote Port: 63457 Request Method: GET
|
Can it be that prevelant that people are trying to hack or ar they trying to register? |
|
|
|
|
Gremmie
|
Posted:
Tue Jul 29, 2008 4:40 pm |
|
No one who was legitimately trying to register would concoct such a GET string. Anyone registering would do it via POST.
BTW, I accidently clicked on the above and got blocked/banned from your site. |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Tue Jul 29, 2008 9:35 pm |
|
|
|
|
blith
|
Posted:
Wed Jul 30, 2008 7:21 am |
|
Thank you both very much! I am at ease now.
Gremmie I will fix that in case I need you in the future |
|
|
|
|
Gremmie
|
Posted:
Wed Jul 30, 2008 7:30 am |
|
But evaders99, what's up with the op variable? Why would they include all that "Result: registered ..." crap in there? That makes me think their script is horked. |
|
|
|
|
warren-the-ape
Worker
Joined: Nov 19, 2007
Posts: 196
Location: Netherlands
|
Posted:
Wed Jul 30, 2008 8:01 am |
|
Gremmie wrote: | BTW, I accidently clicked on the above and got blocked/banned from your site. |
Yep, roflll did the same yesterday (I have a dutch IP ) |
|
|
|
|
evaders99
|
Posted:
Wed Jul 30, 2008 11:48 am |
|
Their script is "horked" |
|
|
|
|
Gremmie
|
Posted:
Wed Jul 30, 2008 12:09 pm |
|
evaders99 wrote: | Their script is "horked" |
They sure run the d*** thing a lot, judging by the amount of times I see it each week. Don't they notice it isn't working? Oh well, have fun with that kiddies! |
|
|
|
|
|