Author |
Message |
GanjaUK
Life Cycles Becoming CPU Cycles
Joined: Feb 14, 2004
Posts: 633
Location: England
|
Posted:
Wed Mar 03, 2004 12:56 am |
|
Just got 30 emails come in, all from hack attempt.
Do you think these are hack attempts for real? Or is something going wrong? 2 different IP addresses, about 15 emails for each.
And also:
What is the best way to ban IP addresses in nuke? |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Wed Mar 03, 2004 6:06 am |
|
For your safety, I deleted most of the information you posted.
The script cannot run amok, so those are for real.
Ban them in your .htaccess file
Deny from 24.170.126
Deny from 81.103.145
I always leave the last octet off as dhcp will always rotate around with that one. |
|
|
|
|
GanjaUK
|
Posted:
Wed Mar 03, 2004 8:54 am |
|
Ok, banned them in the .htaccess
Do you keep any sort of bad IP list from idiots who have tried to hack ravenphpscripts? It could be a good idea for nuke users to keep the same sort of deny list from known IP addresses. I guess most use a proxy though, so not sure how effective that would be.
Nice script btw |
|
|
|
|
Raven
|
Posted:
Wed Mar 03, 2004 8:58 am |
|
Thanks. Proxy and dhcp would make it very hard. |
|
|
|
|
GanjaUK
|
Posted:
Wed Mar 03, 2004 5:12 pm |
|
He's back again tonight... This idiot seems determined to hack my site.
81.98.84.206
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
Using the IP tracking module, his details show as: client-1231-p-1-lns.winn.dial.virgin.net
It's the same guy as last night. Looks like I might have to:
deny from 81
But I don't really want to block all IPs starting with 81; blocking 81 would block out a large amount of fellow UK peeps. What to do... |
|
|
|
|
Raven
|
Posted:
Wed Mar 03, 2004 6:31 pm |
|
Well, you won't have much choice. Block only as high as you need, e.g. 81.98 maybe. |
|
|
|
|
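The trade-off in the exchange above, worked through as an added example (not code from any poster or from the hack-attempt script). It assumes Apache's partial-address form of `Deny from`, where 1 to 3 leading octets match the whole subnet, and uses the addresses quoted in the thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the two rules posted earlier in the thread.
HTACCESS = """\
Deny from 24.170.126
Deny from 81.103.145
"""

def deny_to_network(value):
    """Map a partial-IP Deny value (1 to 4 leading octets) to the subnet it matches."""
    octets = value.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"not a partial IPv4 address: {value!r}")
    if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a partial IPv4 address: {value!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def parse_deny_rules(text):
    """Collect partial-IP Deny rules; hostnames, CIDR and 'all' are skipped here."""
    nets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or [p.lower() for p in parts[:2]] != ["deny", "from"]:
            continue
        for value in parts[2:]:
            try:
                nets.append(deny_to_network(value))
            except ValueError:
                pass
    return nets

def is_blocked(ip, nets):
    """True if any parsed Deny subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def collateral(ip, candidates):
    """Per candidate prefix: (covers ip?, number of addresses the rule denies)."""
    addr = ipaddress.ip_address(ip)
    nets = {c: deny_to_network(c) for c in candidates}
    return {c: (addr in n, n.num_addresses) for c, n in nets.items()}

if __name__ == "__main__":
    rules = parse_deny_rules(HTACCESS)
    print("81.98.84.206 blocked by posted rules:", is_blocked("81.98.84.206", rules))
    for prefix, (covers, count) in collateral("81.98.84.206", ["81.98.84", "81.98", "81"]).items():
        print(f"Deny from {prefix:<9} covers={covers} addresses={count}")
```

Each octet dropped from the rule multiplies the number of denied addresses by 256, which is the cost to weigh against how far the visitor's dynamic address moves.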
southern
Client
Joined: Jan 29, 2004
Posts: 624
|
Posted:
Thu Mar 04, 2004 11:12 am |
|
I got 142 hits from the same IP on my hackattempt in one night, Ganja, and the lamer is banned now. An interesting sideline is that I ran Sam Spade for Windows on my own site using zone transfer setting and it set off the hackattempt, so it seems port probing will initialize hackattempt.php. |
_________________ Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra |
|
|
|
Raven
|
Posted:
Thu Mar 04, 2004 11:17 am |
|
The only thing that can set the script off is the UNION statement with the hex characters - nothing else. |
|
|
|
|
southern
|
Posted:
Thu Mar 04, 2004 11:34 am |
|
I believe you over Sam Spade!
BTW I had to put back all the security fixes from you and chatserv after upgrading, including the line in mainfile that calls hackattempt. Dang, but no harm done. |
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Thu Mar 04, 2004 2:05 pm |
|
If you applied hacker.php to the other filters in mainfile.php
Like
if ($_SERVER['HTTP_USER_AGENT'] == "") {
for instance every time someone visited the site with no user agent (Like NIS users) it would fire off a message for each page they visited.
Just a thought, but that's one I wouldn't add it to. |
|
|
|
|
southern
|
Posted:
Thu Mar 04, 2004 2:19 pm |
|
That's a thought... some poor souls must wonder what they did wrong. I can see a little old lady without a user agent browsing my recipes section when bing... you're a hacker, I'm calling the FBI... might give her a stroke. |
|
|
|
|
GanjaUK
|
Posted:
Thu Mar 04, 2004 2:19 pm |
|
southern wrote: | That's a thought... some poor souls must wonder what they did wrong. I can see a little old lady without a user agent browsing my recipes section when bing... you're a hacker, I'm calling the FBI... might give her a stroke. |
lol |
|
|
|
|
|