Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
rickleigh
Worker
Worker



Joined: Jan 06, 2009
Posts: 183

PostPosted: Sat Feb 14, 2009 2:51 pm Reply with quote

I have been getting a lot of traffic from [ Only registered users can see links on this board! Get registered or login! ] IP addresses. Should I be worried about these users? They are all from other countries. So far I haven’t seen any bans made for hack attempts.
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Sat Feb 14, 2009 7:13 pm Reply with quote

At the macro level? No. At the micro level? Very likely. You need to look at what they are doing when they visit your site. You can use NukeSentinel's(tm) tracked IP Listing and/or examine your server access logs.
 
View user's profile Send private message
rickleigh







PostPosted: Sat Feb 14, 2009 8:24 pm Reply with quote

Raven

I was looking through some of the tracking and I found this link with the text following it.
Quote:
/modules.php?name=Submit_News&subject=Poigioupbus favyavapord&topic=2&alanguage=english&story=google [ Only registered users can see links on this board! Get registered or login! ] gust is a concerted set of messages aimed at influencing the opinions or behavior of thickset numbers of people. in locate of of impartially providing intellect, agitprop in its most required reason presents intellect in appropriate to reconstruct its audience. The most operative hype is almost always explicitly for detail, but some agitprop presents facts selectively to reinforcing a figures ly unifying, or gives closed-minded messages in appropriate to draw together an crazed rather than unexcited retaliation to the intellect presented. The desired d‚nouement expose is a party of the cognitive character of the overlook in the end audience
What do you think this is or they were trying to do. I followed the link and get this error:
Quote:
Forbidden

Referred From : [ Only registered users can see links on this board! Get registered or login! ]
Your IP : 24.***.***.***
The Page Requested: /modules.php?name=Submit_News&subject=Poigioupbus%20favyavapord&topic=2&alanguage=english&story=<h%20href=\"http://google.com\">google</a> [ Only registered users can see links on this board! Get registered or login! ]
people.%20in%20locate%20of%20of%20impartially%20providing%20intellect,%20agitprop%20in%20its%20most%20required%20reason%20presents%20intellect%20in%20appropriate%20
to%20reconstruct%20its%20audience.%20The%20most%20operative%20hype%20is%20almost%20always%20explicitly%20for%20detail,%20but%20some%20agitprop%20presents%20facts%20
selectively%20to%20reinforcing%20a%20figures%20ly%20unifying,%20or%20gives%20closed-minded%20messages%20in%20appropriate%20to%20draw%20together%20an%20crazed%20
rather%20than%20unexcited%20retaliation%20to%20the%20intellect%20presented.%20The%20desired%20d,nouement%20expose%20is%20a%20party%20of%20the%20cognitive%20
character%20of%20the%20overlook%20in%20the%20end%20audience
Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Redirect Status : 403

I dont have no such content on my site. It also seams like most of the rest start the Registration process but never finish the last step.
 
Raven







PostPosted: Sat Feb 14, 2009 10:52 pm Reply with quote

My guess would be that they are/were just testing to see if they could directly post/submit an article to your site. Had they been able to do so then they would either have spammed your site with junk or they would take their penetration testing to the next level, eventually trying/hoping to reach their ultimate destination - some kind of destruction.
 
rickleigh







PostPosted: Sat Feb 14, 2009 11:29 pm Reply with quote

A few of them also had links that the took me to a forums topic called (Information) which says its locked and cant be posted in. But, when I go to the forums Admin I dont see that topic. Can you tell me what that would be all about?

Thanks for the information and help by the way. Your site is really great!


Last edited by rickleigh on Sun Feb 15, 2009 10:12 am; edited 1 time in total 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sun Feb 15, 2009 2:14 am Reply with quote

(Information) just means there's an error message.

Note: RIPE is just a network for European addresses. It is not an ISP itself. You are not being attacked by them. More than likely, a malicious user is using a botnet to control compromised systems to do their dirty work.

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
rickleigh







PostPosted: Sun Feb 15, 2009 10:58 pm Reply with quote

After doing some more research on these Ripe users I seen this is a common problem with these users using bots to attack and try to spam sites. I would prefer not to have them wasting my bandwidth and running my stats up with crap.

Is there a way to block all users from this company?
 
Raven







PostPosted: Sun Feb 15, 2009 11:33 pm Reply with quote

Just as an FYI, it's not really a company Smile

Imo, that would be extreme overkill but you're the boss Wink - I did a Google search on How to ban all RIPE network addresses and there are several hits. The first one seems to be an excellent discussion.
[ Only registered users can see links on this board! Get registered or login! ]
 
rickleigh







PostPosted: Mon Feb 16, 2009 8:12 am Reply with quote

Raven,

Thanks Raven. I guess I'm just still upset that the last site I tried to host got taken over before I could even get it off the ground. I followed the install instructions to the letter this time on how to secure the site.

Nothing against your site but, when I made the mistake of posting my site's URL here for help. All hell broke lose as I think they use help forums like these to find there next victims.
 
Raven







PostPosted: Mon Feb 16, 2009 8:46 am Reply with quote

They scan anything that is open to public view. My personal take on it is I let Sentinel do its job and I scan my access logs and zap the gnats and bugs the best I can. Banning China will certainly cut down your exposure. Just keep in mind that IP spoofing will allow them to come right back in. That's why it's so hard to really ban someone who wants in. Spoofing is easy and widespread, mostly due to all the windows users that don't bother to update their machines Wink
 
grmm
New Member
New Member



Joined: Nov 15, 2008
Posts: 18
Location: Idaho, USA

PostPosted: Thu Jun 03, 2010 3:01 pm Reply with quote

Raven wrote:
At the macro level? No. At the micro level? Very likely. You need to look at what they are doing when they visit your site. You can use NukeSentinel's(tm) tracked IP Listing and/or examine your server access logs.


Where is this "Server Access Log" please?
 
View user's profile Send private message Visit poster's website
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Thu Jun 03, 2010 3:54 pm Reply with quote

Most hosts provide such access via your account control panel. I would log into your hosting account control panel and look for server logs. If you cannot find them, I would ask your host as to how you may review the access logs for your account.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
grmm







PostPosted: Thu Jun 03, 2010 9:39 pm Reply with quote

Thanks Montego, I appreciate your help.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©