Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
TheosEleos
Life Cycles Becoming CPU Cycles


Joined: Sep 18, 2003
Posts: 960
Location: Missouri

PostPosted: Sun Aug 29, 2004 10:45 pm Reply with quote

212.27.41.37 - - [21/Aug/2004:08:28:11 -0400] "GET /robots.txt HTTP/1.0" 200 215 "-" "Pompos/1.3 Only registered users can see links on this board! Get registered or login!"

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
TheosEleos
PostPosted: Sun Aug 29, 2004 10:45 pm Reply with quote

*GASP*

He's learning!
 
Nukeum66
Life Cycles Becoming CPU Cycles


Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA

PostPosted: Sun Aug 29, 2004 10:46 pm Reply with quote

Nukeum66 wrote:
It will look something like this

Quote:
xx.xx.51.210 - - [10/May/2004:00:42:47 -0700] "GET /robots.txt HTTP/1.1" 200 3636 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MSIECrawler)"


User-agent in bold

_________________
Scott Johnson MIS Ubuntu/Linux 11.10 
View user's profile Send private message Visit poster's website
Nukeum66
PostPosted: Sun Aug 29, 2004 10:49 pm Reply with quote

Now if you want to ban that User agent add it to Sentinel Harvester list
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:50 pm Reply with quote

I use textpad and nothing is in bold text. I downloaded the raw access log from cpanel.
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:51 pm Reply with quote

hehe..ok..thanks.
 
TheosEleos
PostPosted: Sun Aug 29, 2004 10:53 pm Reply with quote

My goodness I am a bot magnet! Having dynamic titles is really paying off. I must have gotten 1,000 bot hits yesterday.
 
Nukeum66
PostPosted: Sun Aug 29, 2004 10:53 pm Reply with quote

This is the User-agent to be added to Sentinel Pompos/1.3
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Thu Sep 02, 2004 2:59 pm Reply with quote

I'm gonna look in MY access logs. While researching a different issue I happened to look at my IP Tracking
and found this odd conjunction of requests:
Quote:

Page View Info
65.54.188.122 - 65.54.188.122

Page Viewed Date
/modules.php?name=News&new_topic=9 2004-09-02 05:01:03
/modules.php?name=Downloads&d_op=MostPopular 2004-09-02 05:00:49
/modules.php?name=Downloads&d_op=AddDownload 2004-09-02 05:00:31
/modules.php?name=Hemp&Recipes=1337593c9b1c7c6b206a6f82d14f1d4d 2004-09-02 05:00:24
/modules.php?name=News&new_topic=12 2004-09-02 04:59:11
/modules.php?name=News&new_topic=12 2004-09-02 04:58:09
/modules.php?name=HolyBible&Recipes=1337593c9b1c7c6b206a6f82d14f1d4d 2004-09-02 04:58:02
/modules.php?name=Web_Links&Recipes=1337593c9b1c7c6b206a6f82d14f1d4d 2004-09-02 04:57:41
/modules.php?name=Reviews&Recipes=1337593c9b1c7c6b206a6f82d14f1d4d 2004-09-02 04:57:29
/modules.php?name=Internet_Traffic_Report&Recipes=1337593c9b1c7c6b206a6f82d14f1d4d 2004-09-02 04:36:17
/modules.php?name=Search&author=southern 2004-09-02 04:35:41
/modules.php?name=Reviews 2004-09-02 03:45:15
/modules.php?name=WeatherHarvest&op=21&id=1726 2004-09-02 03:42:37
/modules.php?name=Statistics 2004-09-02 03:41:43
/modules.php?name=Music_creator 2004-09-02 03:41:40
/modules.php?name=StrongBad_E-Mail_Module 2004-09-02 03:41:38
/modules.php?name=Recommend_Us 2004-09-02 03:41:36
/modules.php?name=hangman 2004-09-02 03:41:34
/modules.php?name=Forums 2004-09-02 03:37:02
/modules.php?name=Internet_Traffic_Report 2004-09-02 03:37:00
/modules.php?name=Feedback 2004-09-02 03:36:57
/modules.php?name=Qshoutblock 2004-09-02 03:36:55
/modules.php?name=WeatherHarvest&op=17&id=1726 2004-09-02 03:36:52
/modules.php?name=News&file=article&sid=191 2004-09-02 03:36:37
/modules.php?name=Topics 2004-09-02 03:36:34
/modules.php?name=Games_II 2004-09-02 03:36:27
/modules.php?name=Journal 2004-09-02 03:35:44
/modules.php?name=News&new_topic=10 2004-09-02 03:35:15
/modules.php?name=News&new_topic=13 2004-09-02 03:35:03
/modules.php?name=Internet_Radio3 2004-09-02 03:34:28
/modules.php?name=News&new_topic=4 2004-09-02 03:34:26
/modules.php?name=Recipes 2004-09-02 03:34:23
/modules.php?name=Menu_creator 2004-09-02 03:34:21
/modules.php?name=SPChat 2004-09-02 03:34:09
/modules.php?name=FAQ 2004-09-02 03:34:07
/modules.php?name=CoconutShoot 2004-09-02 03:34:05
/modules.php?name=Web_Links 2004-09-02 03:34:04
/modules.php?name=shooting 2004-09-02 03:34:02
/modules.php?name=News&new_topic=2 2004-09-02 03:33:59
/modules.php?name=Idiots_Guide 2004-09-02 03:33:55
/modules.php?name=HolyBible 2004-09-02 03:30:15
/modules.php?name=WeatherHarvest 2004-09-02 03:29:56
/modules.php?name=Internet_security 2004-09-02 03:29:53
/modules.php?name=Hemp 2004-09-02 03:29:50
/modules.php?name=WeatherHarvest&op=5&id=1726 2004-09-02 03:29:47
/modules.php?name=Top 2004-09-02 03:29:43
/modules.php?name=Search 2004-09-02 03:29:18
/modules.php?name=PHP-Nuke_HOWTO 2004-09-02 03:29:16
/modules.php?name=User_Guide 2004-09-02 03:29:14
/modules.php?name=Members_List 2004-09-02 03:29:11
/modules.php?name=Search&topic=13 2004-09-02 03:29:09
/modules.php?name=SophosVirusInfo 2004-09-02 03:29:06
/modules.php?name=Mas_Oyama 2004-09-02 03:28:52
/modules.php?name=CanoeClobber 2004-09-02 03:28:49
/modules.php?name=Content 2004-09-02 03:28:46
/modules.php?name=Jackpot 2004-09-02 03:28:43
/modules.php?name=WeatherHarvest&op=12 2004-09-02 03:28:39
/modules.php?name=Games 2004-09-02 03:28:35
/modules.php?name=AvantGo 2004-09-02 03:28:33
/modules.php?name=Staff 2004-09-02 03:28:27
/modules.php?name=Calendar 2004-09-02 03:28:21
/modules.php?name=Stories_Archive 2004-09-02 03:27:36
/modules.php?name=WOT 2004-09-02 03:27:33
/modules.php?name=Submit_News 2004-09-02 03:27:30
/modules.php?name=Downloads 2004-09-02 03:27:14
/modules.php?name=Who-is-Where 2004-09-02 03:27:06
/modules.php?name=Anti_spam 2004-09-02 03:27:01
/modules.php?name=Surveys 2004-09-02 03:26:55
/index.php 2004-09-02 02:25:46
/index.php 2004-08-30 00:29:23
/index.php 2004-08-26 22:56:33
/index.php 2004-08-23 20:33:18
/index.php 2004-08-11 08:18:20

The IP resolves to Microsoft but why would anyone at Microsoft be trying to combine module names like that?
So into htaccess deny it went... Also there is a non-existent member name
BartBe just waltzing into every area.

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©