Author |
Message |
utssace
Worker
Joined: Feb 18, 2006
Posts: 155
Location: Virginia
|
Posted:
Sat Aug 12, 2006 7:13 pm |
|
I think my site has been hacked.
Sentinel has blocked my IP. I got the Admin-Abuse email but the IP listed was mine. When I tried to log into my admin, I got the White BEGONE page, then after another attempt, I got the black Sentinel screen telling me I have been blocked.
The email also had info about the apparent hacker....I think. It appears to be someone within my ISP...cox.net
How can I get back into my site and any ideas on how this could happen? |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Sat Aug 12, 2006 7:15 pm |
|
Please pm me via yahoo or msn, both listed in my profile. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
|
|
utssace
|
Posted:
Sat Aug 12, 2006 8:09 pm |
|
Sorry darklord, but I don't see your addresses in your profile. |
|
|
|
|
utssace
|
Posted:
Sat Aug 12, 2006 9:09 pm |
|
Here is the email I got from Sentinel:
Note, the Remote IP listed as *.*.*.* was my IP listed. I think someone hacked my computer and was screwing around.
Code:
Date & Time: 2006-08-12 21:27:45 EDT GMT -0400
Blocked IP: *.*.*.*
User ID: Anonymous (1)
Reason: Abuse-Admin
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ]
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: *.*.*.*
Remote Port: 3682
Request Method: GET
--------------------
Who-Is for IP
OrgName: Cox Communications Inc.
OrgID: CXA
Address: 1400 Lake Hearn Drive
City: Atlanta
StateProv: GA
PostalCode: 30319
Country: US
NetRange: 70.160.0.0 - 70.191.255.255
CIDR: 70.160.0.0/11
NetName: NETBLK-COX-ATLANTA-10
NetHandle: NET-70-160-0-0-1
Parent: NET-70-0-0-0-0
NetType: Direct Allocation
NameServer: NS.COX.NET
NameServer: NS.WEST.COX.NET
NameServer: NS.EAST.COX.NET
Comment:
RegDate: 2004-07-21
Updated: 2005-08-03
OrgAbuseHandle: IC146-ARIN
OrgAbuseName: Cox Communications, Inc
OrgAbusePhone: +1-404-269-7626
OrgAbuseEmail: [ Only registered users can see links on this board! Get registered or login! ]
OrgTechHandle: SHACK-ARIN
OrgTechName: Shackelford, Scott
OrgTechPhone: +1-404-269-7626
OrgTechEmail: [ Only registered users can see links on this board! Get registered or login! ]
|
|
|
|
|
|
utssace
|
Posted:
Sat Aug 12, 2006 9:13 pm |
|
I need to know how to get control of my site back. Please. I can get on the site from another computer but mine is blocked.
Also, what should I check for injections? |
|
|
|
|
gregexp
|
Posted:
Sun Aug 13, 2006 12:50 am |
|
dark.lordrisesagain for yahoo
[ Only registered users can see links on this board! Get registered or login! ] for msn |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sun Aug 13, 2006 3:50 am |
|
Quote: | When I tried to log into my admin, I got the White BEGONE page |
The begone is usually because of illegal characters in your admin name which are not allowed.
If you search here, you'll find the answer to most problems. Also, how to unban blocked IPs from htaccess, database or NukeSentinel administration is the first thing you should learn if you use NukeSentinel. |
|
|
|
|
utssace
|
Posted:
Sun Aug 13, 2006 6:45 am |
|
Sorry about the trouble. I should have searched further.
It was my fault, I was trying to log in using my regular user name like a dummy. Then Sentinel blocked me.
I still don't understand the WhoIs data that Sentinel produced above. It has a name and address in there. |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sun Aug 13, 2006 7:48 am |
|
|
|
|
|