Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Security Alert
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Frogger
Worker
Worker



Joined: Oct 06, 2003
Posts: 108
PostPosted: Sat Oct 25, 2003 11:24 pm Reply with quote
If you are being indexed by the following site, it may be in your best interest to ban the IPs from access. If you are uncertain, check your logs.

http://www.netvigator.com/

This URL resolves to a host in China and if you decide to visit the site, you will be met with a lot of requests to install language files.

Quote:
4 IPs and URLs to search variants of on your site.

218.102.90.9 pcd558009.netvigator.com 2003-10-25 08:11:07 124
219.76.64.4 imsbbcf08.netvigator.com 2003-10-25 08:10:20 16
219.76.64.1 imsbbcf05.netvigator.com 2003-10-25 08:10:12 30
219.76.64.2 imsbbcf06.netvigator.com 2003-10-25 08:08:26 22

Info obtained from their whois entry.

NS3.NETVIGATOR.COM 218.102.23.228
NS4.NETVIGATOR.COM 203.198.7.66

If you ban the IPs in the following manner you should be safe from further problems without banning legitimate users from those IP ranges.

203.198.7.0
218.102.23.0
219.76.64.0


Earlier, I spoke to Raven about this and told him the 219.xxx IP was the most active, but it is the opposite.

The 219.xxx and 203.xxx IPs act like normal bots in the way they index and the 218.xxx seems to compile the information into one string. When looking at it in my raw access logs, each IP indexes a single file and then the file indexed shows up as an extra line in the 218.XXX log.

I have a file containing the entries from these three IPs that is 753k in size to give you an idea of how many files were indexed at my primary site.

Before starting this post I checked my logs and an attempt was made to begin indexing again, but was unsuccessful, . . . thankfully.

Don't know if I am explaining it correctly in computerEZE, but hopefully I am being clear to you on what it's doing.

I'm waiting for a reply from the technical staff of their host in an effort to determine whether this is indeed malicious or a bug in their indexing software.

Presently it doesn't adhere to rules set in robot.txt or .htaccess as it indexed all files currently set as protected.

This bot will access administrative accounts and modules, so please take this seriously.

I would like to think it is a bug in an effort to give everyone a fair chance at enhancing the sites they build, and also to avoid any negative impact this could have on their business and/or site.

Hope you catch this before they get you.

Watch this topic, as I will post any response received from their host.

If anyone else has experienced indexing from them, let us know.

_________________
Image 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger ICQ Number
blith
Client



Joined: Jul 18, 2003
Posts: 977
PostPosted: Fri Oct 31, 2003 8:29 am Reply with quote
I tried to do an IP ban on those three and I was told they were not a valid IP address....
 
View user's profile Send private message Visit poster's website
Frogger
PostPosted: Fri Oct 31, 2003 9:11 am Reply with quote
How did you attempt to ban them?

Did you use:

Code:
203.198.7.0 


218.102.23.0 


219.76.64.0


or the specific IPs for netvigator.com

Code:
218.102.90.9


219.76.64.4


219.76.64.1


219.76.64.2
 
blith
PostPosted: Fri Oct 31, 2003 9:42 am Reply with quote
I used the first three but it was a copy and paste issue. Interesting. I can't copy and paste them into my IP ban but if I type them they are accepted. I should use the first three right? Thanks


Last edited by blith on Fri Oct 31, 2003 11:07 am; edited 1 time in total 
Frogger
PostPosted: Fri Oct 31, 2003 9:54 am Reply with quote
Yes, as that will prevent all of the netvigator bots from accessing your site.

I am monitoring them to be sure they are the only IPs being used.

Also, I contacted the host of netvigator. Their mail server is either in a loop or they have autoresponders to their autoresponders.... Shocked

I was receiving repeat emails from them stating they are all out of the office until 10/28.... DOH! wasn't that a few days ago.... Finally had to stop their email.

They must be permanently out of office. hee, heee...
 
nosferatusleeps
New Member
New Member



Joined: Sep 15, 2003
Posts: 5
Location: Australia
PostPosted: Sun Nov 30, 2003 8:12 am Reply with quote
Is this still an issue Frogger?
 
View user's profile Send private message
Frogger
PostPosted: Sun Nov 30, 2003 12:23 pm Reply with quote
After repeated attempts to contact the ISP/Host or reps at Netvigator, no response was ever received, so I have banned all netvigator IPs from my domains.

There have been a couple of attempts from them, but it seems to have stopped.

I'm not the pro here, but if it were a bot you'd think attempts would continue. It may be that they were running it manually?

You're everywhere, huh? Wink
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©