Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
7777777s
New Member
New Member



Joined: Jan 16, 2005
Posts: 9

PostPosted: Sun Oct 09, 2005 10:46 pm Reply with quote

I noticed that a few commercial site were listed as referrers in groups of a dozen+ of them listing the same site.

What are they up to? Are they attempting to hack my site? Have they hacked the sites I end up blocking?

I am using Nuke Sentinel 2.4.2 and PHP-Nuke 7.6 + patched 3.1

I added these sites to the Blocked Referers list and received multiple IP blocks per URL, a dosen or more blocks in less than 4 minutes from the same URL but different IPs. The IPs blocked appear to be unconnected to the URL listed as referred.

Examples of URLs that are doing this:
phentermine-diet-pills.hawaiicity.com
phentermine-1-online.move.to
ddeb.com
texas-poker.islandmix.com
cheap-phentermine-directory.edj.pl
guestbooks.pathfinder.gr/read/diet-pills
online-casino.anyticketusa.com

A detalied listing from one of them:
Blocked IP String Match Date Time

212.78.76.199 ddeb.com 10/9/2005 13:59:56
82.116.145.28 ddeb.com 10/9/2005 13:59:45
82.99.145.226 ddeb.com 10/9/2005 13:59:24
193.230.219.12 ddeb.com 10/9/2005 13:58:59
210.135.97.6 ddeb.com 10/9/2005 13:58:49
210.0.216.227 ddeb.com 10/9/2005 13:58:37
80.25.13.51 ddeb.com 10/9/2005 13:58:01
203.131.80.158 ddeb.com 10/9/2005 13:57:52
217.117.65.20 ddeb.com 10/9/2005 13:57:35
205.238.131.169 ddeb.com 10/9/2005 13:57:25
203.139.135.114 ddeb.com 10/9/2005 13:57:09
24.18.158.154 ddeb.com 10/9/2005 13:56:57
82.233.83.67 ddeb.com 10/9/2005 13:56:58
212.227.60.85 ddeb.com 10/9/2005 13:56:49
200.222.68.39 ddeb.com 10/9/2005 13:56:41
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

PostPosted: Mon Oct 10, 2005 4:51 am Reply with quote

no... Smile

The block ..

phentermine-diet-pills.hawaiicity.com
phentermine-1-online.move.to
ddeb.com
texas-poker.islandmix.com
cheap-phentermine-directory.edj.pl
guestbooks.pathfinder.gr/read/diet-pills
online-casino.anyticketusa.com

i do recoqnise them as the same that normaly flooded the blogs by attacking guestbooks.
The meaning of it all is that they try to leave a fake message in your guestbook and put a but of pills and casino website links in it...


no worries...
just block them...
 
View user's profile Send private message
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon Oct 10, 2005 12:14 pm Reply with quote

If you have also a blog try Bad Behavior it´s a great tool against spam. Smile
[ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6432

PostPosted: Mon Oct 10, 2005 6:45 pm Reply with quote

Danke, Susann. Bad Behaviour looks very interesting - have you discussed this with the NukeSentinel team for possible integration or cross-pollenation?

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
View user's profile Send private message
Susann







PostPosted: Mon Oct 10, 2005 6:55 pm Reply with quote

Hallo,

I found Bad Behavior 15 days before and its integrated in my blog.My first thought was it´s similar with Nuke Sentinel and the author said on his website that it works with other CMS too. It´s really a very interesting tool.Of course you can discuss this.
 
CurtisH
Life Cycles Becoming CPU Cycles



Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

PostPosted: Tue Oct 11, 2005 9:47 am Reply with quote

Indeed, it would be interesting if someone would port this to PHP-Nuke. I personally am sick and tired of having to constantly add new referrer bans due to the jerks that are trying to improve their search rank by riding my referrer list etc....

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
View user's profile Send private message Visit poster's website Yahoo Messenger
Susann







PostPosted: Tue Oct 11, 2005 11:01 am Reply with quote

Constantly new referrers is indeed the big problem. I´m also tired about this.
My referer block is full with casinos,pills and other sh** websites. We have 3 languages. This means we get a lot of international (referrer-)spam. Ever heard about "Hi, from Maria" ?It´s email-spam. If I ever met with her, I would kill "M".
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©