Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Thu May 04, 2006 2:25 am Reply with quote

Something,somehow,outsmarted sentinel cause i had the second signup now from a country that cannot even visit my site.
yesterday someone from turkey and now from thailand just registered.
And thailand is banned..just like turkey,as it clearly shows that the range the visitor was from is banned ,but registered !.
and with turkey yesterday the same story.
dnsstuff clearly showed turkey but sentinel couldnt even find the ip in its own system,it didnt exist.

And his thailand ip didnt show up in the tracked ip's !...and thats impossible..
Anyone have an idea?
 
View user's profile Send private message
nb1
Regular
Regular


Joined: Mar 03, 2005
Posts: 94
Location: OZ

PostPosted: Thu May 04, 2006 3:08 am Reply with quote

Some proxies are configurable with a TIS Firewall Toolkit Only registered users can see links on this board! Get registered or login!
Don't of this helps any but interesting as it may be on your recommendation from a previous post ,i blocked all of turkey as well will be watching this trade good luck

_________________
Member Of The Windows Vista help and Support Community 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
hitwalker
PostPosted: Thu May 04, 2006 3:55 am Reply with quote

well i dont know if thats the case here.
hard to imagine that i run into this twice !..in 2 days....
 
nb1
PostPosted: Thu May 04, 2006 4:33 am Reply with quote

Is it possible that the ip ranges for the country's have changed ? may be a Private IP Address Range? some windows 2000 servers can be set that way I would imagine as the size of the traffic increases in a region the ranges would change and updated
 
hitwalker
PostPosted: Thu May 04, 2006 4:53 am Reply with quote

well ip is thailand....
thats also in the mail...
and its in the blocked ranges as well,so im a bit lost here...
and even checked my full stats.... i cannot even find his ip...
 
nb1
PostPosted: Thu May 04, 2006 5:51 am Reply with quote

I can have an e-mail address any were in the world as long you know the proper information and as you well know emails can forwarded from one
address to another - so-that doesn't mean he is from thailand. does it ?. If we had a e mail from him might be easier to get a range by reading the e-mail header But on the other hand they can be spoofed as well MTP service extension (RFC 2554) that allows an SMTP client to negotiate a security level with a mail server. But if this precaution is not taken anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information My guess is that the range from that region has been changed hasn't been registered as a valid range which happens quite often in third world countries in other words technology is proceeding in such a rapid rate is hard to keep up with it
 
hitwalker
PostPosted: Thu May 04, 2006 5:55 am Reply with quote

with mail i mean the mail i get from my system when he registered...
were not talking about spoofed mail headers..lol
 
nb1
PostPosted: Thu May 04, 2006 8:20 am Reply with quote

I don't believe I said that we was I simply stated that it can be done And if you read my post you'll see where I stated if we had an e-mail we could possibly get a better idea of the origin did I not ?It is what I was talking about actually don't matter where what e-mail he used that does not mean it is where he is from
if I may ask what is the provider name for the e-mail server
 
hitwalker
PostPosted: Thu May 04, 2006 8:51 am Reply with quote

well your not reading well or dont understand..
when you signup at a phpnuke site the system sends out a mail like :

blablawhatever has applied at Phpnuke Database from xx.xxx.xx.xxx
-----------------------------------------------------------
Do not reply to this message


so it sends out an ip with it.
understand...
but also i cant find him in my serverlogs as last visitor....
nobody used the your account to register...
 
nb1
PostPosted: Thu May 04, 2006 11:03 am Reply with quote

not reading well or dont understand Laughing ya i understand
There are ways of masking ip addresses assigning the Mac addresses ect.. a person can log in through let's say a college that has its own network and have a Private IP Address Range and may be possible that the php system is not picking up the actual address of the person I know when I worked in telecommunications and set up the supervisors and doctors home networks there was all setup with a private ip range for security reasons and was highly un touchable from a outside source
I have a little knowledge on ip addresses and ranges and understand some the functions on how phpnuke works

my have been some sort of pocket loss ? during the sending of the registration e-mail that is causing a glitch in the program

Laughing Do not reply to this message Laughing just had to
 
hitwalker
PostPosted: Thu May 04, 2006 12:21 pm Reply with quote

no not 2 times in 2 days...
if this would all be true that would sentinel useless...so i dont believe that,and if an ip was spoofed somehow that doesnt explain why i couldnt find any visitor of my your_account for registration..........and thats the part your missing to.
 
nb1
PostPosted: Thu May 04, 2006 2:39 pm Reply with quote

understand what you're saying things are not showing up in the log that's supposed to under normal circumstances and i agree very strange to say the least what i was trying to do was to come up with a relational explanation for the issue having a private ip range doesn't necessarily mean spoofing is done on some networks to monitor activity but I wish you the best of luck in your endeavor and believe me I do understand what you're saying I think there is something lost in the translation here I regard you in high standards and have used and passed out several of your scripts off of
Only registered users can see links on this board! Get registered or login! For the last few years
 
hitwalker
PostPosted: Thu May 04, 2006 2:44 pm Reply with quote

ha..ha..thats nice,but im thinking of putting it into the main site..instead of the snippet directory..

but yes it bothers me a bit how they visit my site without leaving a trace ,fake ip okay....but you must leave some tracks....
 
nb1
PostPosted: Thu May 04, 2006 5:03 pm Reply with quote

your right and would bother me to is this a hosted server or your own have a lot more access to log files on your own ? yes you have to leave some tracks somewhere just a matter of Internet protocol
otherwise how would you be on the Internet Cool
do you get the time of the registration so you can compare
 
hitwalker
PostPosted: Thu May 04, 2006 5:05 pm Reply with quote

yes i did,i checked all logs within a range of 1 hour..
not even a trace to the your-account.
its like he never was on my site....
i cant explain it...
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©