Ravens PHP Scripts: Forums
 

 

deadl0ck
Hangin' Around


Joined: Apr 09, 2006
Posts: 44

Posted: Tue Jan 23, 2007 4:07 am

Hi all,
One of the admins on my site keeps getting blocked.

Here are the details that NukeSentinel is reporting:
Code:


Blocked IP:   none...*
User:   Anonymous
Agent:   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Blocked on:   2007-01-23 05:10:46
Notes:   Added by NukeSentinel(tm)
Reason:   Abuse-Union
 
Query String:   
Get String:   
Post String:   
Forwarded For:   none
Client IP:   none
Remote Address:   190.38.180.203
Remote Port:   2612
Request Method:   GET


Query String:
Code:
Query String: [link hidden by forum] query=& query=loquesea&instory=/* */UNION/* */SELECT/* */0,0,pwd,0,aid/* */FROM/* */nuke_authors



Get String:
Code:
Get String: [link hidden by forum] */UNION/* */SELECT/* */0,0,pwd,0,aid/* */FROM/* */nuke_authors



Post String:
Code:
Post String: [link hidden by forum]


Any ideas as to why this keeps happening?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Tue Jan 23, 2007 7:28 am

If this IP address is truly that of your admin, then why is he/she attempting to use a UNION attack on your site to show him/her all your admin usernames and passwords?

deadl0ck
Posted: Tue Jan 23, 2007 8:39 am

I doubt it's my admin - but I think the "none...*" IP address is blocking him from getting to the site

What is "none...*"?
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Wed Jan 24, 2007 12:42 am

I'm not sure why it says "none", esp since it is recording an IP under Remote Address
190.38.180.203

What version of Sentinel are you using?

deadl0ck
Posted: Wed Jan 24, 2007 2:15 am

At the top of the NS Admin page I see:

NukeSentinel(tm) 2.4.2pl3

I assume that's the version?
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Wed Jan 24, 2007 3:24 am

You really need to update to the latest version but regardless of that, if that is the IP of your admin (you can cross reference his IP easily enough as it's listed in his forum posts - it's next to the quote / edit / delete buttons) that string does indicate he was attempting a union attack on your site.

The 'blocked ip= ' might be because the IP is protected - that's purely a guess as I don't have a copy of that specific version of Sentinel to check the code.
 
deadl0ck
Posted: Wed Jan 24, 2007 3:32 am

He's posted from a few different IPs over a period of time, but the one listed above isn't an address he's ever posted from - the vast majority of his posts are from the same IP.

What version should I upgrade to? The latest?
 
Guardian2003
Posted: Wed Jan 24, 2007 3:52 am

Yes you should upgrade to the latest version.
If the IP address in the Sentinel email is not one your user has posted from AND given the fact that the user is listed as 'anonymous' (not logged in) I would be even more inclined to suspect the user was not an admin.
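
A triage sketch for the kind of report discussed in this thread, added here as an example (it is not part of the original posts and not NukeSentinel's own code). It parses the report fields, treats the /* */ comments as whitespace the way the database does, and checks the two points raised above: whether the source address is one the admin is known to use, and whether the user was logged in. The report text is constructed from the fields quoted in the thread; admin_ips and all function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Constructed report, modelled on the fields quoted in the thread.
SAMPLE_REPORT = """\
Blocked IP:   none...*
User:   Anonymous
Reason:   Abuse-Union
Remote Address:   190.38.180.203
Request Method:   GET
Query String:   query=loquesea&instory=/* */UNION/* */SELECT/* */0,0,pwd,0,aid/* */FROM/* */nuke_authors
"""

SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
AUTHORS_TABLE = re.compile(r"\bfrom\s+\w*authors\b", re.I)


def parse_report(text):
    """Split 'Field:   value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    return fields


def normalize(query):
    """URL-decode, then replace SQL block comments with spaces (the database
    treats them as whitespace, so a filter has to as well)."""
    decoded = unquote_plus(unquote_plus(query))  # second pass: double encoding
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", decoded)).strip()


def triage(report_text, admin_ips):
    """Answer the thread's questions for one report (admin_ips is hypothetical)."""
    fields = parse_report(report_text)
    query = normalize(fields.get("Query String", ""))
    return {
        "union_select": bool(UNION_SELECT.search(query)),
        "targets_authors": bool(AUTHORS_TABLE.search(query)),
        "anonymous": fields.get("User", "").lower() == "anonymous",
        "ip_known_for_admin": fields.get("Remote Address") in admin_ips,
        "normalized": query,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, admin_ips={"203.0.113.10"}))
```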
 
All times are GMT - 6 Hours
 