Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
nimis
Hangin' Around


Joined: Dec 13, 2007
Posts: 37
Location: New York, Bklyn

PostPosted: Sat Mar 08, 2008 11:19 am Reply with quote

Running NukeSentinel(tm) 2.5.16 and RavenNuke_v2.20.00.

I got a Blocked abuse and trying to understand whats its all about. Maybe some of you guys can assist me.
It read as follows:

Quote:
Date & Time: 2008-03-06 15:10:23 CET GMT +0100
Blocked IP: 81.169.168.*
User ID: Gäst (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007
Query String: www*.mysite.com/index.php?redir=<removed by admin>???
Get String: www*.mysite.com/index.php?redir=<removed by admin>???
Post String: www*.mysite.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 81.169.168.26
Remote Port: 29272
Request Method: GET

I follow the link <removed by admin>??? and it reurned this:

Code:
<removed by admin>

Sorry, but I don't want that code here.


Last edited by nimis on Sun Mar 09, 2008 12:55 pm; edited 1 time in total 
View user's profile Send private message
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sat Mar 08, 2008 2:04 pm Reply with quote

They are trying to run a script located on a remote server on your server. Sentinel blocked it. You are looking at the remote script, and as you can see, it is just issuing a series of tests, trying to see how your server is configured and if it has any exploitable features.

Fun huh? Sad

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sat Mar 08, 2008 3:19 pm Reply with quote

For future reference folks, please do not post exploits in an open forum. If you would like for us to look at something, that is an acceptable use of PM. I have removed much of the posted details. Thanks.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Mar 08, 2008 4:33 pm Reply with quote

Look up Remote File Inclusion and you'll understand how it works

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
nimis
PostPosted: Sun Mar 09, 2008 12:53 pm Reply with quote

montego.. I apoligise for posting the exploit, It wont happen again.

evaders99, thank for the tip.
Gremmie, I agree.


Thanks for the info regarding my question.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©