Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Thu Nov 17, 2005 2:32 am Reply with quote

I was messing with this the other day. The code basically sends multiple pop-ups to the hackers machine if a hack attempt is detected. On my own site I have it set in Sentinel to activate when a union attack is detected.

I did find one gremlin though.
Make a forum post and when the forum page loads giving you the option to 'view forum' or 'view your post' - if you close that window (using IE) before the automatic redirect is executed, multiple pop-ups are despatched to your machine even with a protected IP.

I'm not overly worried by this behaviour as the chances of someone closing that particular browser window is pretty slim but I have noticed it works on other sites too - so you have been advised!
 
View user's profile Send private message Send e-mail
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Nov 17, 2005 2:48 am Reply with quote

I have tested this every which way I could think of and I cannot replicate that "gremlin" ???
 
View user's profile Send private message
Guardian2003
PostPosted: Thu Nov 17, 2005 2:56 am Reply with quote

Interesting!
Will PM you.
 
Raven
PostPosted: Thu Nov 17, 2005 3:10 am Reply with quote

I tested it as per your instructions on your site and me thinks the gremlins are personal - I had no problems there either.
 
Guardian2003
PostPosted: Thu Nov 17, 2005 3:46 am Reply with quote

Many thanks for taking the time to test this - I would agree with your conclusion, it seems to be specific to my machine /browser / toolbars configuration.
The likelihood of tracing this back seems remote but I'll leave this thread here in case anyone has a similar experience, in which case we can compare notes.
 
j_felosi
Regular
Regular


Joined: Oct 17, 2005
Posts: 51

PostPosted: Fri Nov 18, 2005 9:10 pm Reply with quote

I found that it wasnt really hitting firefox so hard so I added the integer overflow exploit from milw0rm.com to abuse.html and union.html and It's worse on firefox than IE. Dont know about the new versions though. I think I got my last host's reseller suspended with them so I havent used em anymore. But they do get the point across..lol
 
View user's profile Send private message
Raven
PostPosted: Fri Nov 18, 2005 9:48 pm Reply with quote

Quote:
Dont know about the new versions though

There has never been a new version of PC Killer. Why mess with perfection ROTFL ?
 
j_felosi
PostPosted: Fri Nov 18, 2005 10:51 pm Reply with quote

I meant the new versions of firefox, The 1.5 rcs
The integer overflow woks with 1.0-1.07 but they may have fixed it, just a lil added bite for firefox lol Here it is, when you hit a page with this on firefox it will drain every bit of RAM on your computer and run your cpu to 100%
If anyone would like to try it make sure you have your task manager out and firefox process highlighted to kill..lol
Here is the link to the code: Only registered users can see links on this board! Get registered or login!
and here is a link to a live page to show you what it does, be careful though, Ive actually had hackers report me to my host for this..lol Only registered users can see links on this board! Get registered or login!

A very nice addition to the pc killers to insure script kiddies with firefox doesnt get away without taking some beating.
UPDATE: yep, works with new 1.5 version of firefox too, just as bad or even worse..lol
 
thebishop
Worker
Worker


Joined: Aug 30, 2005
Posts: 243
Location: Flying to close to the sun

PostPosted: Fri Dec 23, 2005 5:59 am Reply with quote

would i just paste that code into the union.html and abuse.html to make this work.
i have had a bunch of hack attempts lately and they have all been using firefox.
 
View user's profile Send private message
Raven
PostPosted: Fri Dec 23, 2005 10:55 am Reply with quote

No. You must load the files in the abuse folder and then in each blocker setting use the Forward option to the killer page/file.
 
thebishop
PostPosted: Fri Dec 23, 2005 12:06 pm Reply with quote

im sorry i should have been more explicit, i was asking about j_felosi's post about the milworm script for firefox. my pc killer is working fine. i tested it.
but a most of the attempted hackers were using firefox.

i was wondering were the code for that integer overflow goes.
thanks Raven.
 
thebishop
PostPosted: Sun Oct 29, 2006 5:22 pm Reply with quote

I almost forgot about this and with the latest attempts to hack my site, any extra torture i can serv up for the script kiddies is more then welcome.

Can someone tell me exactly were i would place the milworm text in the abuse.html and union.html's. thanks.

" Only registered users can see links on this board! Get registered or login! "
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©