Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
krubach
New Member
New Member


Joined: Jun 15, 2006
Posts: 19

PostPosted: Fri Sep 08, 2006 4:58 am Reply with quote

Something strange happened today...

I had already 6 banned IP's on NS's IP ban list, some of them automatically added, others manually added.

The strange thing is all of those disappeared from the list (and DB) and a new one appeared :

Blocked IP - 196.201.77.*
Date - 2006-09-08 @ 05:59:26
Expires - Permanent
Reason - Harvest

I guess somehow the hacker managed to delete the records from the DB...

I'm getting tired of these kids... and prepared to give up and close down my website which has +4,000,000 visitors (phpNuke report, so i guess it's the number of generated pages...)
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri Sep 08, 2006 5:54 am Reply with quote

where did you get that wishdom from ?
Nice catching title btw but you cannot hack sentinel..
and you better check your settings....im so very positive that the answer lies there...
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Fri Sep 08, 2006 7:09 am Reply with quote

Normally Sentinel puts the blocked IP's in both the blocked IP table and in htaccess. Did you check both? Did you check them by doing display blocked IP's in Sentinel or by looking at the table directly or both? And did you look at .htaccess. The only way a hacker could remove them from both places would be if he/she/it had administrative access to your Sentinel or if he could run a script on your site or get into both phpmyadmin and web site adminstration or FTP to edit the .htaccess file. That obviously would be fairly serious, in fact they would rule you. So if you are really sure this happened you'd be best off to see who might have access to your site administratively and check your logs carefully to see what's going on and look for files that shouldn't be there. The usual litany of things to do when you've been hacked.
 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Fri Sep 08, 2006 7:41 am Reply with quote

well my idea was that he is using the option to flush blocked ip's..
 
fkelly
PostPosted: Fri Sep 08, 2006 10:36 am Reply with quote

You might be right Hitwalker. I couldn't tell from the original post so I asked him to look into several different things. No matter what the cause, if the hacker has control over blocked IP's then he has administrative rights to the site.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©