Author |
Message |
utssace
Worker


Joined: Feb 18, 2006
Posts: 155
Location: Virginia
|
Posted:
Sat Aug 12, 2006 7:13 pm |
|
I think my site has been hacked.
Sentinel has blocked my IP. I got the Admin-Abuse email but the IP listed was mine. When I tried to log into my admin, I got the White BEGONE page, then after another attempt, I got the black Sentinel screen telling me I have been blocked.
The email also had info about the apparent hacker... I think. It appears to be someone within my ISP... cox.net
How can I get back into my site and any ideas on how this could happen? |
|
|
|
 |
gregexp
The Mouse Is Extension Of Arm

Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Sat Aug 12, 2006 7:15 pm |
|
Please pm me via yahoo or msn, both listed in my profile. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
 |
 |
utssace

|
Posted:
Sat Aug 12, 2006 8:09 pm |
|
Sorry darklord, but I don't see your addresses in your profile. |
|
|
|
 |
utssace

|
Posted:
Sat Aug 12, 2006 9:09 pm |
|
Here is the email I got from Sentinel:
Note, the Remote IP listed as *.*.*.* was my IP listed. I think someone hacked my computer and was screwing around.
Code:
Date & Time: 2006-08-12 21:27:45 EDT GMT -0400
Blocked IP: *.*.*.*
User ID: Anonymous (1)
Reason: Abuse-Admin
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Query String: www.mysite/admin.php?op=Configure
Get String: www.mysite/admin.php?op=Configure
Post String: www.mysite/admin.php
Forwarded For: none
Client IP: none
Remote Address: *.*.*.*
Remote Port: 3682
Request Method: GET
--------------------
Who-Is for IP
OrgName: Cox Communications Inc.
OrgID: CXA
Address: 1400 Lake Hearn Drive
City: Atlanta
StateProv: GA
PostalCode: 30319
Country: US
NetRange: 70.160.0.0 - 70.191.255.255
CIDR: 70.160.0.0/11
NetName: NETBLK-COX-ATLANTA-10
NetHandle: NET-70-160-0-0-1
Parent: NET-70-0-0-0-0
NetType: Direct Allocation
NameServer: NS.COX.NET
NameServer: NS.WEST.COX.NET
NameServer: NS.EAST.COX.NET
Comment:
RegDate: 2004-07-21
Updated: 2005-08-03
OrgAbuseHandle: IC146-ARIN
OrgAbuseName: Cox Communications, Inc
OrgAbusePhone: +1-404-269-7626
OrgAbuseEmail: abuse@cox.net
OrgTechHandle: SHACK-ARIN
OrgTechName: Shackelford, Scott
OrgTechPhone: +1-404-269-7626
OrgTechEmail: scott.shackelford@cox.com
|
|
|
|
|
 |
utssace

|
Posted:
Sat Aug 12, 2006 9:13 pm |
|
I need to know how to get control of my site back. Please. I can get on the site from another computer but mine is blocked.
Also, what should I check for injections? |
|
|
|
 |
gregexp

|
Posted:
Sun Aug 13, 2006 12:50 am |
|
|
|
 |
Susann
Moderator

Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sun Aug 13, 2006 3:50 am |
|
Quote: | When I tried to log into my admin, I got the White BEGONE page |
The begone is usually because of illegal characters in your admin name which are not allowed.
If you search here, you'll find the answers to most problems. Also, how to unban blocked IPs from htaccess, database or nukesentinel administration is the first thing you should learn if you use nukesentinel. |
|
|
|
 |
utssace

|
Posted:
Sun Aug 13, 2006 6:45 am |
|
Sorry about the trouble. I should have searched further.
It was my fault, I was trying to log in using my regular user name like a dummy. Then Sentinel blocked me.
I still don't understand the WhoIs data that Sentinel produced above. It has a name and address in there. |
|
|
|
 |
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sun Aug 13, 2006 7:48 am |
|
The whois data represents the company that controls that block of IPs. In this case, your ISP. No real evidence the site was hacked, just yourself getting banned. You can easily remove the ban from your .htaccess or your database. |
|
|
 |
|
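The check this thread arrives at, as an added example (not part of the original posts and not NukeSentinel code): parse a notification in the layout quoted above, compare the blocked address with the administrator's own IPs, and confirm the whois block only identifies the network owner. The names `parse_fields` and `triage`, the sample addresses (documentation range) and the single-value `CIDR` field are assumptions.

```python
import ipaddress

# Constructed notification in the layout quoted in this thread; the addresses
# are from the documentation range 198.51.100.0/24, not values from the page.
SAMPLE_EMAIL = """\
Date & Time: 2006-08-12 21:27:45 EDT GMT -0400
Blocked IP: 198.51.100.23
User ID: Anonymous (1)
Reason: Abuse-Admin
--------------------
Remote Address: 198.51.100.23
Request Method: GET
--------------------
Who-Is for IP
OrgName: Example ISP Inc.
NetRange: 198.51.100.0 - 198.51.100.255
CIDR: 198.51.100.0/24
"""

def parse_fields(text):
    """Map 'Name: value' lines to a dict; separators and bare headings are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name[:1].isalpha():
            fields.setdefault(name.strip(), value.strip())
    return fields

def triage(text, admin_ips):
    """Compare the blocked address with the admin's own IPs and the whois block."""
    f = parse_fields(text)
    out = {"reason": f.get("Reason"), "owner": f.get("OrgName"),
           "self_lockout": None, "in_whois_block": None, "range_matches_cidr": None}
    try:
        blocked = ipaddress.ip_address(f.get("Remote Address", ""))
    except ValueError:  # masked ("*.*.*.*") or missing address: nothing to compare
        return out
    out["self_lockout"] = any(blocked == ipaddress.ip_address(a) for a in admin_ips)
    if "CIDR" in f and "NetRange" in f:
        net = ipaddress.ip_network(f["CIDR"])
        first, last = (ipaddress.ip_address(p.strip()) for p in f["NetRange"].split("-"))
        out["in_whois_block"] = blocked in net
        # NetRange and CIDR describe the same allocation, i.e. the ISP's block.
        out["range_matches_cidr"] = list(ipaddress.summarize_address_range(first, last)) == [net]
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL, admin_ips=["198.51.100.23"]))
```

A result with `self_lockout` set to `True` and reason `Abuse-Admin` matches what happened in this thread: the administrator's own address was banned, and the whois data names only the ISP.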