Ravens PHP Scripts: Forums
 

 

Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Tue Jun 13, 2006 10:49 pm

Code:
deny from 62.29.0.0/17

deny from 62.56.128.0/22
deny from 62.85.128.0/19
deny from 62.108.64.0/19
deny from 62.113.0.0/19
deny from 62.184.58.0/27
deny from 62.185.166.64/26
deny from 62.184.178.96/29
deny from 62.186.77.0/26
deny from 62.201.192.0/18
deny from 62.229.128.0/24
deny from 62.229.130.0/24
deny from 62.244.192.0/18
deny from 62.248.0.0/17
deny from 64.18.138.0/24
deny from 64.28.128.0/20
deny from 65.182.7.0/24
deny from 66.178.5.0/24
deny from 66.178.52.0/24
deny from 66.205.36.0/22
deny from 69.30.204.0/23
deny from 80.71.128.0/20
deny from 80.88.138.224/27
deny from 80.88.141.160/27
deny from 80.251.0.0/20
deny from 80.251.32.0/20
deny from 81.6.64.0/18
deny from 81.8.0.0/17
deny from 81.21.160.0/20
deny from 81.22.97.0/24
deny from 81.31.193.224/29
deny from 81.31.195.112/29
deny from 81.31.195.136/29
deny from 81.31.195.216/30
deny from 81.31.196.172/30
deny from 81.31.197.16/29
deny from 81.31.197.64/30
deny from 81.31.197.128/30
deny from 81.31.198.152/29
deny from 81.31.198.216/29
deny from 81.31.199.72/29
deny from 81.31.199.140/30
deny from 81.31.199.160/29
deny from 81.31.200.64/29
deny from 81.31.200.76/30
deny from 81.212.0.0/14
deny from 82.145.224.0/19
deny from 82.151.128.0/19
deny from 82.222.0.0/16
deny from 83.66.0.0/16
deny from 83.166.48.0/28
deny from 84.11.37.192/26
deny from 84.17.64.0/19
deny from 84.44.0.0/17
deny from 84.51.0.0/18
deny from 85.96.0.0/12
deny from 85.153.0.0/16
deny from 85.158.96.0/21
deny from 85.159.64.0/21
deny from 85.235.64.0/24
deny from 86.108.128.0/17
deny from 139.179.0.0/16
deny from 144.122.0.0/16
deny from 155.223.0.0/16
deny from 160.75.0.0/16
deny from 161.9.0.0/16
deny from 168.139.0.0/16
deny from 192.70.133.0/23
deny from 192.129.87.0/24
deny from 192.160.21.0/24
deny from 193.23.156.0/24
deny from 193.25.124.0/23
deny from 193.41.2.0/23
deny from 193.42.216.0/24
deny from 193.95.0.0/17
deny from 193.108.213.0/24
deny from 193.109.134.0/23
deny from 193.110.170.0/23
deny from 193.110.208.0/21
deny from 193.140.0.0/16
deny from 193.178.218.0/24
deny from 193.188.198.0/23
deny from 193.192.96.0/19
deny from 193.201.149.192/26
deny from 193.201.157.0/25
deny from 193.218.113.0/24
deny from 193.218.200.0/24
deny from 193.219.208.0/30
deny from 193.220.68.0/24
deny from 193.243.192.0/19
deny from 193.254.228.0/23
deny from 193.254.252.0/23
deny from 193.255.0.0/16
deny from 194.9.174.0/24
deny from 194.24.224.0/23
deny from 194.27.0.0/16
deny from 194.29.208.0/21
deny from 194.54.32.0/19
deny from 194.67.205.0/23
deny from 194.69.206.0/24
deny from 194.117.97.172/30
deny from 194.117.110.80/28
deny from 194.117.113.72/30
deny from 194.117.114.4/30
deny from 194.117.118.40/30
deny from 194.117.119.4/32
deny from 194.117.119.18/32
deny from 194.117.119.20/32
deny from 194.117.119.22/32
deny from 194.117.119.24/32
deny from 194.117.119.27/32
deny from 194.117.119.34/32
deny from 194.117.119.53/32
deny from 194.117.119.55/32
deny from 194.117.119.58/32
deny from 194.117.119.61/32
deny from 194.117.119.73/32
deny from 194.117.119.76/32
deny from 194.117.119.80/32
deny from 194.117.119.86/32
deny from 194.117.119.93/31
deny from 194.117.119.96/32
deny from 194.117.119.99/31
deny from 194.117.119.108/32
deny from 194.117.120.15/32
deny from 194.117.120.114/32
deny from 194.117.120.233/32
deny from 194.117.121.30/32
deny from 194.117.121.70/32
deny from 194.117.121.96/32
deny from 194.117.121.101/32
deny from 194.117.121.168/32
deny from 194.117.121.192/31
deny from 194.117.121.217/32
deny from 194.125.232.0/22
deny from 194.126.230.0/24
deny from 194.133.65.0/24
deny from 194.133.160.0/20
deny from 194.133.240.0/23
deny from 194.133.251.0/24
deny from 194.133.253.0/28
deny from 194.133.255.0/24
deny from 194.242.32.0/24
deny from 195.8.109.0/24
deny from 195.33.192.0/18
deny from 195.39.224.0/23
deny from 195.46.128.0/19
deny from 195.49.216.0/21
deny from 195.64.128.0/18
deny from 195.74.32.0/19
deny from 195.75.202.0/26
deny from 195.75.202.128/25
deny from 195.75.222.0/28
deny from 195.75.222.24/29
deny from 195.75.222.160/27
deny from 195.75.236.0/28
deny from 195.75.236.96/29
deny from 195.75.236.112/28
deny from 195.75.238.0/25
deny from 195.79.199.192/29
deny from 195.79.204.192/27
deny from 195.85.242.0/24
deny from 195.85.255.0/24
deny from 195.87.0.0/16
deny from 195.112.128.0/19
deny from 195.112.160.16/30
deny from 195.112.166.12/30
deny from 195.112.166.52/30
deny from 195.112.166.60/30
deny from 195.112.166.68/29
deny from 195.112.166.80/30
deny from 195.128.32.0/21
deny from 195.128.254.0/23
deny from 195.137.222.0/23
deny from 195.140.196.0/22
deny from 195.142.0.0/16
deny from 195.149.85.0/24
deny from 195.149.116.0/24
deny from 195.155.0.0/16
deny from 195.174.0.0/15
deny from 195.177.206.0/23
deny from 195.177.230.0/23
deny from 195.183.236.192/26
deny from 195.212.230.0/24
deny from 195.212.244.8/29
deny from 195.213.69.144/28
deny from 195.214.128.0/18
deny from 195.234.165.0/24
deny from 195.242.122.0/23
deny from 195.244.32.0/19
deny from 195.245.227.0/24
deny from 195.254.128.0/19
deny from 196.3.132.0/20
deny from 196.29.64.0/19
deny from 196.32.32.0/19
deny from 196.203.0.0/16
deny from 199.89.210.0/24
deny from 200.3.176.0/21
deny from 200.9.216.0/24
deny from 200.108.0.0/19
deny from 201.238.64.0/18
deny from 209.94.192.0/19
deny from 212.2.192.0/19
deny from 212.12.128.0/19
deny from 212.15.0.0/19
deny from 212.21.197.240/29
deny from 212.29.64.0/18
deny from 212.31.0.0/19
deny from 212.33.0.0/19
deny from 212.45.64.0/19
deny from 212.48.224.0/19
deny from 212.50.32.0/19
deny from 212.57.0.0/19
deny from 212.58.0.0/19
deny from 212.63.170.168/30
deny from 212.63.172.212/30
deny from 212.63.172.224/30
deny from 212.63.180.0/30
deny from 212.63.180.8/30
deny from 212.63.180.16/30
deny from 212.63.180.28/30
deny from 212.63.180.40/29
deny from 212.63.180.56/30
deny from 212.63.180.68/30
deny from 212.63.180.84/30
deny from 212.63.180.92/30
deny from 212.63.180.108/29
deny from 212.63.180.120/29
deny from 212.63.180.200/30
deny from 212.64.192.0/19
deny from 212.65.128.0/19
deny from 212.79.96.0/22
deny from 212.79.122.0/23
deny from 212.98.0.0/19
deny from 212.98.192.0/18
deny from 212.101.96.0/19
deny from 212.108.128.0/19
deny from 212.109.96.0/19
deny from 212.109.224.0/19
deny from 212.115.0.0/19
deny from 212.125.0.0/19
deny from 212.127.96.0/19
deny from 212.133.128.0/17
deny from 212.146.128.0/17
deny from 212.154.0.0/17
deny from 212.156.0.0/16
deny from 212.174.0.0/15
deny from 212.252.0.0/15
deny from 213.14.0.0/16
deny from 213.31.190.48/28
deny from 213.31.223.144/28
deny from 213.43.0.0/16
deny from 213.62.14.64/26
deny from 213.62.40.192/26
deny from 213.74.0.0/16
deny from 213.138.0.0/19
deny from 213.139.192.0/18
deny from 213.143.224.0/19
deny from 213.144.96.0/19
deny from 213.148.64.0/19
deny from 213.150.160.0/19
deny from 213.153.128.0/17
deny from 213.155.96.0/19
deny from 213.159.32.0/19
deny from 213.161.128.0/19
deny from 213.181.38.192/26
deny from 213.186.128.0/19
deny from 213.194.64.0/18
deny from 213.202.0.0/19
deny from 213.204.64.0/18
deny from 213.208.3.192/29
deny from 213.208.39.0/24
deny from 213.209.169.144/29
deny from 213.232.0.0/18
deny from 213.236.32.0/19
deny from 213.238.128.0/18
deny from 213.243.0.0/18
deny from 213.248.128.0/18
deny from 213.254.128.0/19
deny from 216.139.188.192/27
deny from 217.17.144.0/20
deny from 217.21.68.0/22
deny from 217.23.110.96/27
deny from 217.31.224.0/19
deny from 217.64.144.0/20
deny from 217.64.208.0/20
deny from 217.68.208.0/20
deny from 217.77.241.113/32
deny from 217.77.241.218/32
deny from 217.77.242.169/32
deny from 217.77.246.192/30
deny from 217.131.0.0/16
deny from 217.138.38.248/29
deny from 217.169.192.0/20
deny from 217.173.157.128/28
deny from 217.173.157.192/27
deny from 217.173.158.64/27
deny from 217.174.32.0/20
deny from 217.174.224.0/20
deny from 217.194.135.160/28
deny from 217.195.192.0/20


Last edited by Raven on Sun Jun 25, 2006 3:51 pm; edited 1 time in total 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Wed Jun 14, 2006 6:10 am

very nice Raven....thank you....
this is such a bestseller I put it in my forums too.... killing me

fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Wed Jun 14, 2006 6:25 am

Just looking on my site this morning and saw a "suspicious" IP: 88.240.138.27

Looking it up on dnstuff.com
% Information related to '88.240.0.0 - 88.240.255.255'

inetnum: 88.240.0.0 - 88.240.255.255
netname: TurkTelekom


I'm not very good on CIDR arithmetic but it doesn't look like it would be included in your list?
 
Raven
Posted: Wed Jun 14, 2006 7:05 am

Sure does. Send it over to Bob Marion to include in the next update. Thanks!

Deny from 88.240.0.0/16
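
The CIDR check fkelly asks about, worked through as an added example (not part of the original thread): it parses `deny from` lines, tests whether an address is covered, and converts a whois `inetnum` range into deny lines. The sample list is a constructed excerpt of entries from the list above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: a handful of entries copied from the deny list above.
SAMPLE_HTACCESS = """\
deny from 85.96.0.0/12
deny from 85.153.0.0/16
deny from 194.117.119.93/31
deny from 212.156.0.0/16
"""

DENY_RE = re.compile(r"^\s*deny\s+from\s+(\S+)", re.IGNORECASE)


def parse_deny_list(text):
    """Return (networks, misaligned) for the 'deny from <cidr>' lines in text.

    misaligned lists entries whose address has host bits set, as
    (entry as written, network it normalizes to); these are worth a second look.
    """
    networks, misaligned = [], []
    for line in text.splitlines():
        match = DENY_RE.match(line)
        if not match:
            continue
        entry = match.group(1)
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            continue  # hostname or partial-address form; not handled here
        networks.append(iface.network)
        if iface.ip != iface.network.network_address:
            misaligned.append((entry, str(iface.network)))
    return networks, misaligned


def covering(ip, networks):
    """Return every listed network containing ip (empty list = not covered)."""
    addr = ipaddress.ip_address(ip)
    return [net for net in networks if addr in net]


def range_to_deny(first, last):
    """Convert a whois inetnum range into the fewest 'deny from' lines."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [f"deny from {block}" for block in blocks]


if __name__ == "__main__":
    nets, odd = parse_deny_list(SAMPLE_HTACCESS)
    print("88.240.138.27 covered by:", covering("88.240.138.27", nets))
    print(range_to_deny("88.240.0.0", "88.240.255.255"))
    print("entries with host bits set:", odd)
```
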
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Wed Jun 14, 2006 8:31 am

Pity we cannot block based on NetName, we would only need one entry.
 
hitwalker
Posted: Wed Jun 14, 2006 9:04 am

my thought indeed...
but...another question arises...
how large can we make an htaccess?
Cause mine is about 72kb, that includes banned IPs and rewrite rules.
 
Raven
Posted: Wed Jun 14, 2006 9:47 am

No size constraint.
 
Raven
Posted: Wed Jun 14, 2006 10:21 am

[link]

Get up-2-date Country vs IP database for free.
 
Guardian2003
Posted: Wed Jun 14, 2006 12:08 pm

Thanks Raven, that is certainly interesting. Something like this would save Bob a ton of work!
 
hitwalker
Posted: Wed Jun 14, 2006 12:15 pm

yes...it's a nice playground...
 
Virgin_Steel
Worker


Joined: Sep 30, 2004
Posts: 108
Location: Sf

Posted: Sun Jun 25, 2006 2:54 pm

fkelly wrote:
Just looking on my site this morning and saw a "suspicious" IP: 88.240.138.27

Looking it up on dnstuff.com
% Information related to '88.240.0.0 - 88.240.255.255'

inetnum: 88.240.0.0 - 88.240.255.255
netname: TurkTelekom


I'm not very good on CIDR arithmetic but it doesn't look like it would be included in your list?


My site has been hacked by Query in Search Module from 88.224.202.147, can anyone help me to download the patch from here [link] because the file in this download is broken, but I want to fix this. The site has been hacked in this way [link] ... They stole one of my admin's account.
Sorry for the offtopic, maybe it was better to post a new topic, but it's connected with the Turkey's attack.

hitwalker
Posted: Sun Jun 25, 2006 3:12 pm

you shouldn't download these but stick to the patched nuke versions...
the how, what, where... info can be found around the whole site...not to mention a dozen other sites.....
 
Ariannus
New Member


Joined: Nov 23, 2004
Posts: 4

Posted: Thu Jun 29, 2006 11:14 pm

>.< we just got hacked by a Turk, he used 85.99.207.154 first, NukeSentinel blocked him, then he tried again on 85.181.34.109 and got us.. he seemed to want us to send him an email telling him how well he did since he left a mail address and a "how leet are we!" msg.

synaptyx
Hangin' Around


Joined: Jul 20, 2006
Posts: 41

Posted: Fri Aug 04, 2006 5:49 am

How about banning Russia?

evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Sun Aug 13, 2006 10:01 am

NukeSentinel along with the latest IP2Country tables should get any country you need

synaptyx
Posted: Sun Aug 13, 2006 2:11 pm

Sweet. I'm a n00b, so apologies for lameness. :)
 
djrino
Regular


Joined: Mar 11, 2005
Posts: 52

Posted: Mon Oct 02, 2006 3:42 pm

Hi
my site was hacked from Turkey [link]

now my questions..
these guys have gained access to my cpanel and have put my site in the trash..
now I have reloaded my site and one day I received a blank page..
I viewed my site with the FTP program and I see only the directories, but all .php files have been deleted.... is it possible for a hacker to do this?
the hacker gained control of my cpanel not through a bug in my phpnuke site, but what? because I have all patches installed and am running the latest version of Sentinel.


but my question is..
depending or not on my phpnuke site, with this method do I ban all of Turkey?

Many tnx

evaders99
Posted: Mon Oct 02, 2006 5:09 pm

Yes it is possible they got access to your cpanel. If you still have access logs, maybe you can determine how they got in. (However if your cpanel was attacked directly, it may be other server logs that you need to search).

Go ahead and ban all of Turkey. It will save you a lot of trouble
 
Raven
Posted: Mon Oct 02, 2006 8:03 pm

He probably did not gain access to your cPanel. He probably used an exploit in phpbb (or some other known exploit) and deleted your files.
 
djrino
Posted: Tue Oct 03, 2006 7:12 am

Many tnx for the answer..

only one question because I'm not a programmer..

the .htaccess with these IPs I can put it in my public_html, right?

many tnx for all

Rino
 
fkelly
Posted: Tue Oct 03, 2006 7:50 am

You can put the .htaccess in public_html, yes.

Just be aware that banning a specific list of IP's, while it's a start, does not give you total or even nearly total security. Hackers can fake an IP address. You need to have Sentinel installed and properly configured in addition. Also, you should probably be using Sentinel's IP2country facilities to ban countries ... Russia, Turkey, Brazil come to mind off the top, unless you have clients or users there. And there are threads here that you can search on about immunizing yourself to the current PHPBB attacks that are taking place.
 
djrino
Posted: Tue Oct 03, 2006 7:55 am

Many tnx
Yes I have the latest version of Sentinel. I don't say but for me Sentinel is configured well, because I have searched for a tutorial or manual on how to configure it but no result...

Yes I have installed IP2country and now I ban Turkey..
about PHPBB I'm searching now on this site for any topic about this..

many tnx for your time :)
 
Raven
Posted: Tue Oct 03, 2006 9:02 am

Try this:

[link]
 
djrino
Posted: Tue Oct 03, 2006 9:14 am

Hi Raven

yes I have followed these steps

[link]

and the crypt

[link]

All works well

now I'm searching for how to view the version of my phpbb and upgrade manually

Many tnx
Rino
 
Truden
New Member


Joined: Dec 14, 2004
Posts: 18
Location: Johannesburg/South Africa

Posted: Tue Oct 03, 2006 9:26 am

Guys, why not ban Russia, China, North Korea and the whole former Eastern Bloc :D
I'm sure there are some more that you could think of...

Do you think that everybody in Turkey hates you and your web site???

I was hacked two times by Islamic hackers, and the attacks came from Turkey, but a few days ago I had an attack from Germany.
So if a few more "German" attempts come, must I ban Germany!?

You cannot stop hatred with hatred.
That is the way to multiply it.

Work harder on your web site and on your Love.
There are no bad people and nations - there is bad understanding.

All times are GMT - 6 Hours
 