Ravens PHP Scripts: Forums
 

 

porcupinepc
Involved
Joined: Sep 20, 2003
Posts: 261
Location: Schumacher, Ontario CANADA

Posted: Sun Jun 06, 2004 5:43 am

I found out that my own IP address was banned from Sentinel. I can't get into my site. What gives?

Joe
 
porcupinepc

Posted: Sun Jun 06, 2004 5:59 am

After posting my previous message, I came across a message that mentioned editing a nuke NSN user file or something to that effect. I edited it and deleted my IP address and now I can get into my site. The error said:

Date & Time: 2004-06-06 07:34:58
Blocked IP: xxx.xxx.xxx.xxx
User ID: (1)
Reason: Abuse - UNION
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: www.porcupinepc.com/nuke//modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20
Forwarded For: none
Client IP: none
Remote Address: xxx.xxx.xxx.xxx
Remote Port: 61815
Request Method: GET
--------------------
Who-Is for IP
xxx.xxx.xxx.xxx


I never tried hacking my own site. How is this possible? Wrong setting in Sentinel?

Joe
 
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Jun 06, 2004 7:51 am

What is the Blocked IP? That is the IP that was used to issue the union command. There is no wrong setting. Someone issued that command or it would not be in your logs. It is possible that your IP was spoofed, but nonetheless, if the command is in your logs, it was issued.
 
porcupinepc

Posted: Sun Jun 06, 2004 8:01 am

Here is what I received from Outlook Express:

Date & Time: 2004-06-06 07:34:58
Blocked IP: 209.196.235.214
User ID: (1)
Reason: Abuse - UNION
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: www.porcupinepc.com/nuke//modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20
Forwarded For: none
Client IP: none
Remote Address: 209.196.235.214
Remote Port: 61815
Request Method: GET
--------------------
Who-Is for IP
209.196.235.214






Joe
 
Raven

Posted: Sun Jun 06, 2004 8:14 am

Joe, I can't explain how, but that is a hack attempt. Somewhere, somehow, that was done from that IP. Maybe someone posted a post, article, weblink, whatever, and deliberately planted it so you would click it, I don't know. But, it came from your machine.
 
porcupinepc

Posted: Sun Jun 06, 2004 8:33 am

On my site: www.porcupinepc.com/nuke there is a notice of a hacking attempt. Sentinel says it blocked: 202.156.2.114 - UNION


I did receive an email, but it wasn't exactly this IP address.


Date & Time: 2004-06-05 11:26:07
Blocked IP: 202.156.27.169
User ID: (1)
Reason: Abuse - UNION
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Query String: www.porcupinepc.com/nuke//modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20-
Forwarded For: 202.156.27.169
Client IP: none
Remote Address: 202.156.2.114
Remote Port: 55373
Request Method: GET
--------------------
Who-Is for IP
202.156.27.169






Joe
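
Added example (not part of the original thread, and not NukeSentinel's own code): Python that parses an alert e-mail like the one quoted above, URL-decodes the query string, and separates the address of the actual TCP connection from addresses that only appear in request headers. It assumes "Remote Address" is the connecting peer and that "Forwarded For" / "Client IP" are copied from client-supplied headers; the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Fields copied from the alert quoted in the post above (trimmed).
SAMPLE_ALERT = """\
Date & Time: 2004-06-05 11:26:07
Blocked IP: 202.156.27.169
Reason: Abuse - UNION
Query String: www.porcupinepc.com/nuke//modules.php?name=Web_Links&l_op=viewlink&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20-
Forwarded For: 202.156.27.169
Client IP: none
Remote Address: 202.156.2.114
Request Method: GET
"""

# UNION [ALL] SELECT in any letter case, checked after URL-decoding.
UNION_SELECT = re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE)

def parse_alert(text):
    """Split 'Label: value' lines into a dict; the literal 'none' becomes None."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(": ")
        if sep:
            value = value.strip()
            fields[label.strip()] = None if value.lower() == "none" else value
    return fields

def triage(text):
    """Summarise one alert: what was requested and which address is which."""
    f = parse_alert(text)
    decoded = unquote(f.get("Query String") or "")
    peer = f.get("Remote Address")  # assumption: the TCP peer of the request
    # Assumption: these two fields come from headers the client controls.
    claimed = [f[k] for k in ("Forwarded For", "Client IP") if f.get(k)]
    return {
        "decoded_query": decoded,
        "union_select": bool(UNION_SELECT.search(decoded)),
        "tcp_peer": peer,
        "header_claimed": claimed,
        "blocked": f.get("Blocked IP"),
        "blocked_is_peer": f.get("Blocked IP") == peer,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_ALERT).items():
        print(f"{key}: {value}")
```

For the alert above, blocked_is_peer is False: the e-mail's Blocked IP equals the Forwarded For value, while Remote Address is the address shown in the site notice. For the earlier alert, with Forwarded For "none", the blocked address and the connecting address are the same.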
 
SmackDaddy
Involved
Joined: Jun 02, 2004
Posts: 268
Location: Englewood, OH

Posted: Sun Jun 06, 2004 10:01 pm

Maybe the hacker was masking their IP and spoofing with yours? Just a thought.....
 
All times are GMT - 6 Hours
 