Ravens PHP Scripts: Forums
 

 

JRSweets
Worker


Joined: Aug 06, 2004
Posts: 192

Posted: Fri Nov 12, 2004 5:56 pm

I was looking in the HTTP Referers section on my site and saw this entry a bunch of times:

Code:
http://wizard.yellowbrick.oz


Does anyone know what the heck this is, and should I add it to Sentinel's blocked referers list?

Thanks.
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Fri Nov 12, 2004 6:44 pm

well this explains it.....
Only registered users can see links on this board! Get registered or login!
 
JRSweets
Posted: Sat Nov 13, 2004 1:55 am

Thank you. So if I put that in the block referers list it will block anyone coming from there from now on right?

Thanks for the help.
 
hitwalker
Posted: Sat Nov 13, 2004 3:51 am

well if it will be blocked I don't know but this described how the spoofing is done....

Fetching a URL from a Perl Script

    #!/usr/bin/perl -w
    # titlebytes - find the title and size of documents
    use strict;
    use LWP::UserAgent;
    use HTTP::Response;
    use URI::Heuristic;
    my $raw_url = shift or die "usage: $0 url\n";
    my $url = URI::Heuristic::uf_urlstr($raw_url);
    $| = 1; # to flush next line
    printf "%s =>\n\t", $url;
    # bogus user agent
    my $ua = LWP::UserAgent->new( );
    $ua->agent("Schmozilla/v9.14 Platinum"); # give it time, it'll get there
    # bogus referrer to perplex the log analyzers
    my $response = $ua->get($url, Referer => "http://wizard.yellowbrick.oz");
    if ($response->is_error( )) {
        printf " %s\n", $response->status_line;
    } else {
        my $content = $response->content( );
        my $bytes = length $content;
        my $count = ($content =~ tr/\n/\n/);
        printf "%s (%d lines, %d bytes)\n",
            $response->title( ) || "(no title)", $count, $bytes;
    }
    When run, the program produces output like this:

    % titlebytes Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! =>
    The Perl Journal (109 lines, 4530 bytes)
    Yes, "referer" is not how "referrer" should be spelled. The standards people got it wrong when they misspelled HTTP_REFERER. Please use double r's when referring to things in English.

    The first argument to the get method is the URL, and subsequent pairs of arguments are headers and their values.
 
beetraham
Regular


Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)

Posted: Sat Nov 13, 2004 4:00 am

JRSweets wrote:
So if I put that in the block referers list it will block anyone coming from there from now on right?

Thanks for the help.


Using the "abuse Perl script" will allow that particular malicious individual to use any other "HTTP_REFERER" strings as well.

So, given this, you'd most probably find it necessary to consider blocking the IP as well, as these "script-kiddies" usually originate from single IPs only (not necessarily, but often so).

BR,

-beetraham

_________________
- Let there be no windows at your home - 
hitwalker
Posted: Sat Nov 13, 2004 4:04 am

well as someone wrote on the link i posted ....


    Well guys, I used IP deny for:
    64.247.5.101
    66.7.159.26
    66.17.15.164
    169.204.165.61
    Amongst others and have had no visits from the wizard of Oz since
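
An added example, not part of any post in this thread: a log check that finds every client IP that sent the spoofed referer at least once and counts how many of its requests a referer-only block would have missed. The log lines are constructed (Apache "combined" format is an assumption, IPs are documentation ranges) and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (Apache "combined" format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2004:17:40:01 -0600] "GET /index.php HTTP/1.0" 200 5120 "http://wizard.yellowbrick.oz" "Schmozilla/v9.14 Platinum"
192.0.2.10 - - [12/Nov/2004:17:40:05 -0600] "GET /modules.php?name=Forums HTTP/1.0" 200 8011 "http://example.invalid/page" "Schmozilla/v9.14 Platinum"
198.51.100.7 - - [12/Nov/2004:17:41:12 -0600] "GET /index.php HTTP/1.1" 200 5120 "http://www.example.com/links.html" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [12/Nov/2004:17:42:30 -0600] "GET /index.php HTTP/1.0" 200 5120 "http://wizard.yellowbrick.oz" "Schmozilla/v9.14 Platinum"
198.51.100.7 - - [12/Nov/2004:17:43:00 -0600] "GET /modules.php?name=News HTTP/1.1" 200 9000 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def referer_host(referer):
    """Lower-cased host of a Referer value, or None when absent or unparseable."""
    if referer in ("", "-"):
        return None
    try:
        return (urlsplit(referer).hostname or "").lower() or None
    except ValueError:  # e.g. a malformed bracketed host in a forged header
        return None

def correlate(log_text, watched_hosts):
    """Per-IP summary for every client that sent a watched referer at least once."""
    stats = defaultdict(
        lambda: {"hits": 0, "watched": 0, "referers": set(), "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        host = referer_host(m["referer"])
        s = stats[m["ip"]]
        s["hits"] += 1
        s["watched"] += host in watched_hosts
        s["referers"].add(host)
        s["agents"].add(m["agent"])
    # Keep only clients seen with a watched referer; 'missed' counts the
    # requests a referer-only block would have let through.
    return {ip: dict(s, missed=s["hits"] - s["watched"])
            for ip, s in stats.items() if s["watched"]}

if __name__ == "__main__":
    for ip, s in correlate(SAMPLE_LOG, {"wizard.yellowbrick.oz"}).items():
        print(ip, s["hits"], "hits,", s["missed"], "missed by referer-only block")
```

The per-IP agent and referer sets help decide whether an address belongs to one script or is shared with ordinary visitors before it goes on a deny list.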
 