Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
ms_combatmedic
New Member
New Member


Joined: May 15, 2006
Posts: 15

PostPosted: Sun Sep 21, 2008 8:25 am Reply with quote

Over the last several weeks I have seen an increase in this manner of hacking - What are they trying for & should I worry?

Code:
Date & Time: 2008-09-20 20:33:30 CDT GMT -0500Blocked IP: 61.18.170.*User ID: Anonymous (1)Reason: Abuse-Filter--------------------Referer: noneUser Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; Foxy/1; Foxy/2; SINU/2; InfoPath.1)HTTP Host: mgcclan.comScript Name: /index.phpQuery String: ';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245204054207661726437572736F72 AS CHAR(4000));EXEC(@S);Get String: \';DECLARE_@S_CHAR(4000);SET_@S=CAST(0x4445434C4152452040542076617 AS CHAR(4000));EXEC(@S);Post String: Not AvailableForwarded For: noneClient IP: noneRemote Address: 61.18.170.114Remote Port: 39762Request Method: GET


Last edited by ms_combatmedic on Sun Sep 21, 2008 9:18 am; edited 1 time in total 
View user's profile Send private message Visit poster's website
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun Sep 21, 2008 8:44 am Reply with quote

No this isn´t new. Just use the search and maybe try Gremmies .htaccess solution.
 
View user's profile Send private message
ms_combatmedic
PostPosted: Sun Sep 21, 2008 8:47 am Reply with quote

ok, thanks for your rapid reply - what is this script suppose to do if Sentinel didn't block it?
 
Susann
PostPosted: Sun Sep 21, 2008 8:58 am Reply with quote

This is a mass attack.
Check this:
Only registered users can see links on this board! Get registered or login!
 
ms_combatmedic
PostPosted: Sun Sep 21, 2008 9:19 am Reply with quote

Susann - Am I understanding Gremmie, putting that fix into the .htaccess file?
 
Susann
PostPosted: Sun Sep 21, 2008 9:23 am Reply with quote

Yes, try it out.
 
ms_combatmedic
PostPosted: Sun Sep 21, 2008 9:30 am Reply with quote

Cheers!
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Mon Sep 22, 2008 5:22 am Reply with quote

NS should block it but very often you will get two emails per attack as the attack is so fast, NS doesn't have time to execute the 'write the banned IP to htaccess' before the second one gets through.

I got sick of these and now block them at server level with mod_security
 
View user's profile Send private message Send e-mail
ms_combatmedic
PostPosted: Mon Sep 22, 2008 5:26 am Reply with quote

Guardian2003 wrote:
I got sick of these and now block them at server level with mod_security


How is this done? I tried what Susann suggested yesterday, but this morning I awoke to 4 emails ( 2 attacks )
 
Guardian2003
PostPosted: Mon Sep 22, 2008 5:38 am Reply with quote

You need server level access so unless you have your own server or VPS you would not be able to use mod_security

If you do have that sort of access, then you can use
Code:


SecFilterSelective REQUEST_URI "DECLARE @S CHAR\(4000\)"
 
dad7732
RavenNuke(tm) Development Team


Joined: Mar 18, 2007
Posts: 1242

PostPosted: Wed Oct 08, 2008 7:40 am Reply with quote

Use to get over 100 per day. After adding the blocker to .htaccess I get ZERO now. IT WORKS !!!
 
View user's profile Send private message
ms_combatmedic
PostPosted: Wed Oct 08, 2008 8:51 am Reply with quote

Thanks dad7732! I will try that as well.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©