Ravens PHP Scripts: Forums
 

 

GanjaUK
Life Cycles Becoming CPU Cycles



Joined: Feb 14, 2004
Posts: 633
Location: England

Posted: Wed Mar 03, 2004 12:56 am

Just got 30 emails come in, all from hack attempt. Confused

Do you think these are hack attempts for real? Or something is going wrong. 2 different IP addresses, about 15 emails for each.

Quote:
24.170.126.90


And also:
Quote:

81.103.145.27


What is the best way to ban IP addresses in nuke?
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Wed Mar 03, 2004 6:06 am

For your safety, I deleted most of the information you posted Smile

The script cannot run amok, so those are for real.

Ban them in your .htaccess file

Deny from 24.170.126
Deny from 81.103.145

I always leave the last octet off as DHCP will always rotate around with that one.
 
GanjaUK







Posted: Wed Mar 03, 2004 8:54 am

Ok, banned them in the .htaccess
Do you keep any sort of bad IP list from idiots who have tried to hack ravenphpscripts? It could be a good idea for nuke users to keep the same sort of deny list from known IP addresses. I guess most use a proxy though, so not sure how effective that would be.

Nice script btw Laughing
 
Raven







Posted: Wed Mar 03, 2004 8:58 am

Thanks. Proxy and DHCP would make it very hard.
 
GanjaUK







Posted: Wed Mar 03, 2004 5:12 pm

He's back again tonight... This idiot seems determined to hack my site.

81.98.84.206
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam

Using the IP tracking module, his details show as: client-1231-p-1-lns.winn.dial.virgin.net

It's the same guy as last night. Looks like I might have to:
deny from 81

But I don't really want to block all IPs starting with 81, blocking 81 would block out a large amount of fellow UK peeps Confused what to do...
 
Raven







Posted: Wed Mar 03, 2004 6:31 pm

Well, you won't have much choice. Block only as high as you need, e.g. 81.98 maybe.
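
The trade-off discussed in this thread (how many octets to leave off a Deny rule), as an added example that is not part of any poster's message: it maps each partial-address rule to the CIDR block it covers, counts the addresses blocked, and shows which of the IPs quoted above it catches. The function names are hypothetical, and it assumes Apache matches partial addresses on whole-octet boundaries.

```python
import ipaddress

# IPs quoted in the thread; the rules tried against them are the ones discussed.
OBSERVED = ["24.170.126.90", "81.103.145.27", "81.98.84.206"]

def deny_prefix_to_network(prefix):
    """Map a partial-address rule ('Deny from 81.98') to the CIDR block it covers."""
    octets = prefix.strip().rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("expected 1 to 4 octets: %r" % prefix)
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad octet in %r" % prefix)
    # Normalise each octet and pad the missing ones with zero.
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def rule_report(prefix, observed=OBSERVED):
    """Return (cidr, addresses blocked, observed IPs the rule would catch)."""
    net = deny_prefix_to_network(prefix)
    hits = [ip for ip in observed if ipaddress.ip_address(ip) in net]
    return str(net), net.num_addresses, hits

def narrowest_common_rule(addresses):
    """Longest whole-octet prefix shared by every address, or None."""
    common = []
    for parts in zip(*(a.split(".") for a in addresses)):
        if len(set(parts)) != 1:
            break
        common.append(parts[0])
    return ".".join(common) or None

if __name__ == "__main__":
    for rule in ("24.170.126", "81.103.145", "81.98.84", "81.98", "81"):
        cidr, size, hits = rule_report(rule)
        print("Deny from %-11s -> %-16s %10d addresses, catches %s"
              % (rule, cidr, size, hits))
    print("one rule for both 81.x visitors:",
          narrowest_common_rule(["81.103.145.27", "81.98.84.206"]))
```

Each octet dropped multiplies the blocked range by 256, which is why a single rule covering both 81.x addresses ends up blocking a whole /8.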
 
southern
Client



Joined: Jan 29, 2004
Posts: 624

Posted: Thu Mar 04, 2004 11:12 am

I got 142 hits from the same IP on my hackattempt in one night, Ganja, and the lamer is banned now. An interesting sideline is that I ran Sam Spade for Windows on my own site using zone transfer setting and it set off the hackattempt, so it seems port probing will initialize hackattempt.php. Smile

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
Raven







Posted: Thu Mar 04, 2004 11:17 am

The only thing that can set the script off is the UNION statement with the hex characters - nothing else. Confused
 
southern







Posted: Thu Mar 04, 2004 11:34 am

I believe you over Sam Spade!

BTW I had to put back all the security fixes from you and chatserv after upgrading, including the line in mainfile that calls hackattempt. Dang, but no harm done.
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Thu Mar 04, 2004 2:05 pm

If you applied hacker.php to the other filters in mainfile.php

Like
if ($_SERVER['HTTP_USER_AGENT'] == "") {

for instance every time someone visited the site with no user agent (Like NIS users) it would fire off a message for each page they visited.

Just a thought, but that's one I wouldn't add it to.
 
southern







Posted: Thu Mar 04, 2004 2:19 pm

That's a thought... some poor souls must wonder what they did wrong. I can see a little old lady without a user agent browsing my recipes section when bing... you're a hacker, I'm calling the FBI... might give her a stroke.
 
GanjaUK







Posted: Thu Mar 04, 2004 2:19 pm

southern wrote:
That's a thought... some poor souls must wonder what they did wrong. I can see a little old lady without a user agent browsing my recipes section when bing... you're a hacker, I'm calling the FBI... might give her a stroke.


lol Laughing
 
All times are GMT - 6 Hours
 