Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Mon Jul 05, 2004 4:31 am Reply with quote

This is really different - or perhaps my naivety showing through.
I was just checking my IP logging module and saw an IP address that had hit 137 odd consecutive hits to the site.
Investigating further, as it was not a registered user, I noticed a UNION attack, which strangely Sentinel did not detect (I find that very hard to believe) and upon doing a whois for the IP, it gave Microsofts details.
I'm not going to post the attack here but will send it to Raven, Bob etc if needed.
As far as i'm aware, Sentinel blocks ANYTHING with 'union' in the url so this is a little disconcerting.

The IP was 207.46.98.42
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: DNS1.CP.MSFT.NET
NameServer: DNS2.CP.MSFT.NET
NameServer: DNS1.TK.MSFT.NET
NameServer: DNS1.DC.MSFT.NET
NameServer: DNS1.SJ.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2002-12-05

RAVEN, if you need to check my logs, IP tracking etc I'm more than happy for you to have admin access to my site in case someone has found a workaround for Sentinel.
 
View user's profile Send private message Send e-mail
stephen2417
Worker
Worker


Joined: Jan 18, 2004
Posts: 244
Location: Bristolville, OH

PostPosted: Mon Jul 05, 2004 5:46 am Reply with quote

Are you sure you had union protection enabled?

And thats probably a spoofed IP.
 
View user's profile Send private message Visit poster's website
Guardian2003
PostPosted: Mon Jul 05, 2004 5:58 am Reply with quote

Oh yes, I have everything turned on Smile
Yes I gathered the IP might have been spoofed but I have manually banned the critter anyway.
I included the IP in case anyone else was getting results from the same IP - I hate 'trends'.
 
Guardian2003
PostPosted: Mon Jul 05, 2004 6:05 am Reply with quote

Erm, Embarassed seems someone turned it off. No one is going to admit to it so all Admin rights have been revoked.
My apologies to Raven and the others that contributed to this great script (thought it was strange Sentinel didnt catch it).
As punishment for not checking before I posted I have declined the temptation to delete the post Embarassed Bang Head Rolling Eyes
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Mon Jul 05, 2004 7:47 am Reply with quote

Guardian2003 wrote:
Erm, Embarassed seems someone turned it off. No one is going to admit to it so all Admin rights have been revoked.
My apologies to Raven and the others that contributed to this great script (thought it was strange Sentinel didnt catch it).
As punishment for not checking before I posted I have declined the temptation to delete the post Embarassed Bang Head Rolling Eyes
Evil or Very Mad /me slaps the Guardian Smack How dare thee doubt The Sentinel? Art though mad like some rabid dog? I smite thee on both cheeks. Now begone you mindless drone before I really get provoked!

Wink


Last edited by Raven on Mon Jul 05, 2004 8:06 am; edited 1 time in total 
View user's profile Send private message
Guardian2003
PostPosted: Mon Jul 05, 2004 7:57 am Reply with quote

Ouch, ouch - thou hast teacheth me, tis better to have faith, than to articulate ones facial orifice from whenceforth such dire and foul smelling bovine excreta spews.

Laughing
 
Raven
PostPosted: Mon Jul 05, 2004 8:01 am Reply with quote

Thou art once again welcomed in the court. Cheers
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©