Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Hack attempt.... What next?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)
Author Message
Trubador
Regular
Regular



Joined: Dec 28, 2004
Posts: 94
PostPosted: Tue Mar 15, 2005 2:57 pm Reply with quote
'ello all.

I've definately had my very first attempted author hack today. (Trubador comes of age Smile )

the real question is .... What next? Can any one direct me to a FAQ or post on this question?

And if anyone wants to add to your banned IP list here's the Email.

Code:
Date & Time: 2005-03-15 15:29:53


Blocked IP: 81.213.198.55


User ID: Anonymous (1)


Reason: Abuse-Author


--------------------


User Agent: Mozilla 4.0 (Linux)


Query String: (site address removed)/admin.php?op=AddAuthor&add_aid=kiegera&add_name=Goda&add_pwd=playboya&add_email=r00t_System@hush.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox


Forwarded For: none


Client IP: none


Remote Address: 81.213.198.55


Remote Port: 1259


Request Method: POST


Cheers all and definately cheers Raven and Sentinel !!!!

Trub
 
View user's profile Send private message
TheosEleos
Life Cycles Becoming CPU Cycles



Joined: Sep 18, 2003
Posts: 960
Location: Missouri
PostPosted: Tue Mar 15, 2005 4:19 pm Reply with quote
They have been banned from your site. I'd say Sentinel has done its job and you can go in using your site normally.

_________________
http://jamesdibben.com 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
buildingmaster01
Regular
Regular



Joined: Dec 11, 2004
Posts: 68
Location: Indiana, USA
PostPosted: Tue Mar 15, 2005 6:29 pm Reply with quote
Thank you for posting that information!!!

Guess who I had today? The exact same guy! Smile

He has tried hitting my site twice now (or at least since I have gotten sentinel). His ip changed since last time. I might suggest doing 81.213.*.* instead of 81.213.198.55. (That is the correct way to block him, right?)
 
View user's profile Send private message Yahoo Messenger MSN Messenger
southern
Client



Joined: Jan 29, 2004
Posts: 624
PostPosted: Wed Mar 16, 2005 8:09 pm Reply with quote
Sure you could. Do you have the .htaccess write-to by Sentinel enabled?

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
View user's profile Send private message
buildingmaster01
PostPosted: Wed Mar 16, 2005 8:15 pm Reply with quote
Yes, I do. I have even tested it (by accident). Very Happy
 
southern
PostPosted: Wed Mar 16, 2005 8:44 pm Reply with quote
Well, you could always ban him manually in Sentinel or type it into .htaccess:
deny from 81.213
 
Digital-Overload
Hangin' Around



Joined: May 13, 2005
Posts: 26
PostPosted: Fri May 13, 2005 1:32 pm Reply with quote
ok...

got 7.6 running with the 3.0 patch and sentinel... how do i set it up to block this screw ball..
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Fri May 13, 2005 10:42 pm Reply with quote
Chances are that IP is not allocated to the same user now. If you have set the various blockers in your NS Configuration panel then anyone who attempts that attack will be automatically blocked.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©