Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
spurtus
Regular
Regular


Joined: May 13, 2006
Posts: 89

PostPosted: Mon Nov 26, 2007 10:25 pm Reply with quote

I got hit this weekend with several hundred of this type of message from sentinel:

    Date & Time: 2007-11-24 02:06:42 PST GMT -0800 Blocked IP: 81.220.61.* User ID: Anonymous (1)
    Reason: Abuse-Filter
    --------------------
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) Query String: Only registered users can see links on this board! Get registered or login!
    Get String: Only registered users can see links on this board! Get registered or login!
    Post String: Only registered users can see links on this board! Get registered or login!
    Forwarded For: none
    Client IP: none
    Remote Address: 81.220.61.150
    Remote Port: 15618
    Request Method: GET
    --------------------
    Who-Is for IP


There is no whois content for the IPs in any of the several hundred cases, not sure why. But the URL after the "name=" parameter on the get string is always a different URL, all from the .RU domain. Can someone tell me what this type of message means? I am glad that Sentinel caught it, but not sure how bad this is.

Thanks!

Spurt
 
View user's profile Send private message Yahoo Messenger
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Nov 27, 2007 1:19 am Reply with quote

Automated bots are attacking your site... don't worry, they are attacking ours too!
81.220.61.150 pulls up a French ISP in whois, my guess is another compromised machine.

You are safe from this using Sentinel and phpNuke itself has been patched against this exploit for a long while. Still, remain vigilant and keep your software up-to-date.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
spurtus
PostPosted: Tue Nov 27, 2007 6:13 pm Reply with quote

Thanks!

According to my Sentinel Admin panel, I am on version 2.5.08, and a newer version is available (2.5.14). Do you recommend I upgrade (and do I get those bits here?). I presume so...will check.

spurt
 
evaders99
PostPosted: Tue Nov 27, 2007 10:00 pm Reply with quote

Yes you will want to upgrade. Get the latest version from Only registered users can see links on this board! Get registered or login!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©