Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
viper155
Regular
Regular


Joined: Feb 18, 2006
Posts: 99

PostPosted: Wed Feb 22, 2006 11:53 am Reply with quote

I just installed nuke sent and it has banned a few people, however I want to get anyones opinion on if a few of these shoulda been banned.

Code:
Date & Time: 2006-02-22 08:20:40 PST GMT -0800

Blocked IP: 82.42.224.207
User ID: Anonymous (1)
Reason: Abuse-Referer
String Match: xxxx:
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: tysontalk.com/index.php
Get String: tysontalk.com/index.php
Post String: tysontalk.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 82.42.224.207
Remote Port: 4219
Request Method: GET


Code:
Date & Time: 2006-02-22 04:37:19 PST GMT -0800

Blocked IP: 195.93.21.38
User ID: Anonymous (1)
Reason: Abuse-Referer
String Match: xxxx:
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 195.93.21.38
Remote Port: 50981
Request Method: GET


Code:
Date & Time: 2006-02-21 20:58:29 PST GMT -0800

Blocked IP: 200.206.251.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 200.206.251.9
Remote Port: 2293
Request Method: GET
 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Feb 22, 2006 12:43 pm Reply with quote

The last one is an attack attempt so thats good.
The other two are debatable. The ban occured because they had a referer string of 'xxxx' which means they came from a site with 'xxxx' in the url - the connection is obvious!

I get quite a few of those myself and even though my email address is presented to them during the banning process and a message saying 'if you think you were banned unfairly, please email me' - no one has yet to email me.

Sentinel has banned a few people for other things and those people have always contacted me by email so you may draw your own conclusions.
 
View user's profile Send private message Send e-mail
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Feb 22, 2006 7:41 pm Reply with quote

A referer of XXXX usually means their firewall software supresses the referrer url. Usually it is just masking the real referer by replacing all letters with x
i.e. Only registered users can see links on this board! Get registered or login!

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
PostPosted: Wed Feb 22, 2006 8:24 pm Reply with quote

Hmm, so we wouldnt want that then as I can see this causing a problem for legitimate users who just happen to have decent firewalls installed
 
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Wed Feb 22, 2006 8:57 pm Reply with quote

So to prevent legitimate ones to get thru should I set the referrer to off in the settings. My understanding that it was so that questionable referrers were the ones blocked such as ones from porn sites.
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
viper155
PostPosted: Thu Feb 23, 2006 1:23 pm Reply with quote

So is this how the referrers system works..

If someone is currently browsing xxxchyangel.com and then they come to my site they would get banned, or does it have to be a link they clicked that was on xxxchyangel.com?

thanks

Oh and I did get a email from a guy today that was banned bc of the xxxx: referrer.. I dont know much but from what I read I dont think im taking to much of a risk to remove xxxx: from the list correct?
 
evaders99
PostPosted: Thu Feb 23, 2006 5:12 pm Reply with quote

No, I believe they have to actually click a link on that site that goes to your site. That should be the only way the browsers do it. However, referral spammers can still fake things.. so you shouldn't trust that all the referrals are true users

I don't believe there is a risk to deleting xxxx: - unless there is a site that xxxx: is a valid "spammed" address
 
tulisan
New Member
New Member


Joined: Aug 31, 2005
Posts: 1

PostPosted: Sun Aug 06, 2006 8:50 pm Reply with quote

the xxxx: string in the referer's list is what causing some people being banned. Im a bit confused since this is the only string in the referers list that is not in a URL format. Deleting this seems to solve the problem. However, The latest nuke sentinel still has this in the install sql file. should this string just be deleted?
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©