Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Thu Sep 30, 2010 6:15 am Reply with quote

Yesterday one member observed in Who is where block, that one guest visited XSS on the site. I have investigated Sentinel Tracked IP:s and found this URL:
Only registered users can see links on this board! Get registered or login!

My theory is that as I have disabled cross scripting in .htaccess one hacker wants to investigate if XSS is also disabled true .htaccess.


Last edited by slackervaara on Thu Sep 30, 2010 6:39 am; edited 1 time in total 
View user's profile Send private message
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Thu Sep 30, 2010 6:29 am Reply with quote

I guess he is testing if $modules is filtered properly. Do not worry about it.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
slackervaara
PostPosted: Thu Sep 30, 2010 1:52 pm Reply with quote

It was two russian ip-addresses that did such things and also for the forum module. I have naturally banned their ip-addresses.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©