| Author |
Message |
Digital-Overload
Hangin' Around
Joined: May 13, 2005
Posts: 26
|
 Posted:
Sat Oct 15, 2005 9:21 pm |
|
A User That I Know is Not a Hacker Keeps Getting, IP Was Confirmed By the Person, and I've Been Emailing Back and forth, and the person gets added immediately after i take the IP off the list...
This started happening to the person about a week ago..
ISP = Earthlink
Date & Time: 2005-10-14 21:25:53 Pacific Daylight Time GMT -0700
Blocked IP:
User ID: Anonymous (1)
Reason: Abuse-HarvestString Match: joc--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; iebar; acc=jocker; acc=none; .NET CLR 1.1.4322)
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ]
Post String: [ Only registered users can see links on this board! Get registered or login! ]
For: 4.152.210.65
Client IP: noneRemote
Address: 207.69.139.142
Remote Port: none
Request Method: GET
And Gets A Permanent Ban, I Remove the IP Address from the Database and It Re-Adds It,
What Is Causing this?
Ie.. a Virus or Something? (ie. Jocker.exe) [guessing since acc=jocker is present] |
| |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Sat Oct 15, 2005 10:55 pm |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sat Oct 15, 2005 10:55 pm |
|
You ask what is causing this. Your email tells you very clearly
Reason: Abuse-HarvestString Match: joc--------------------
If you look in your NukeSentinel Blocker Configuration you will find an entry for joc web spider under Harvester Blocker Settings. Remove it at your own risk - probably very small. |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Sun Oct 16, 2005 10:07 am |
|
K, I Will Tell the Person to Run Virus Scan First,
I Dont know What "ACC=JOCKER" is.. But Google Gave me Positive results for Earthlink+Joc Webspider
thanks.... |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Mon Oct 17, 2005 11:23 am |
|
Raven,
Would Adding 4.152.210.0 ->< 4.152.210.255 To Protected IP Range Let the User have access without Disabling any Secuirity Options? |
| |
|
|
|
|
Raven
|
| Posted:
Mon Oct 17, 2005 11:34 am |
|
Yes, but if his IP changes due to DHCP outside of that range then he will still have issues. |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Mon Oct 17, 2005 12:39 pm |
|
so far all the IPs the user has, have been in that range (4.152.210.xxx), so.. its temp fix for now, the user has run dozens of virus / anti spyware scans, and still gets blocked regardless of using IE Mozilla/Firefox etc, is there a particular Program Name Causing this?
also, if i turned Off the Jocker Harvest Blocker Would would be the Risks? ie, what could someone do...
you've been a tremendous help and Sentinel has Blcoked well over 100 admin abusers and stuff in the short 4 or 5 months i've been running it.. |
| |
|
|
|
|
Raven
|
| Posted:
Mon Oct 17, 2005 2:14 pm |
|
If he is still being blocked after all that, then have him clear his cache and delete all cookies. Also, if he is using Zone Alarm or Norton make sure that they are not interferring at the firewall level. |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Mon Oct 17, 2005 7:11 pm |
|
thanks, lmao, you were right, I add IP range to protected list and the IP Shifts a Little when she comes back, yeesh,
so what would disabling Joc Web Spider Harvest Open Me Up To?
Thanks IN Advance, You've been a Tremendous Help.. |
| |
|
|
|
|
Raven
|
| Posted:
Mon Oct 17, 2005 7:15 pm |
|
Maybe nothing but a little bandwidth. Google on Joc Web Spider and read what it's all about and then just make the call. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
