Author |
Message |
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Mon Jul 05, 2004 4:31 am |
|
This is really different - or perhaps my naivety showing through.
I was just checking my IP logging module and saw an IP address that had hit 137 odd consecutive hits to the site.
Investigating further, as it was not a registered user, I noticed a UNION attack, which strangely Sentinel did not detect (I find that very hard to believe) and upon doing a whois for the IP, it gave Microsoft's details.
I'm not going to post the attack here but will send it to Raven, Bob etc if needed.
As far as I'm aware, Sentinel blocks ANYTHING with 'union' in the URL so this is a little disconcerting.
The IP was 207.46.98.42
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: DNS1.CP.MSFT.NET
NameServer: DNS2.CP.MSFT.NET
NameServer: DNS1.TK.MSFT.NET
NameServer: DNS1.DC.MSFT.NET
NameServer: DNS1.SJ.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2002-12-05
RAVEN, if you need to check my logs, IP tracking etc I'm more than happy for you to have admin access to my site in case someone has found a workaround for Sentinel. |
|
|
|
 |
stephen2417
Worker


Joined: Jan 18, 2004
Posts: 244
Location: Bristolville, OH
|
Posted:
Mon Jul 05, 2004 5:46 am |
|
Are you sure you had union protection enabled?
And that's probably a spoofed IP. |
|
|
|
 |
Guardian2003

|
Posted:
Mon Jul 05, 2004 5:58 am |
|
Oh yes, I have everything turned on.
Yes I gathered the IP might have been spoofed but I have manually banned the critter anyway.
I included the IP in case anyone else was getting results from the same IP - I hate 'trends'. |
|
|
|
 |
Guardian2003

|
Posted:
Mon Jul 05, 2004 6:05 am |
|
Erm, seems someone turned it off. No one is going to admit to it so all Admin rights have been revoked.
My apologies to Raven and the others that contributed to this great script (thought it was strange Sentinel didn't catch it).
As punishment for not checking before I posted I have declined the temptation to delete the post  |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Mon Jul 05, 2004 7:47 am |
|
Guardian2003 wrote: | Erm, seems someone turned it off. No one is going to admit to it so all Admin rights have been revoked.
My apologies to Raven and the others that contributed to this great script (thought it was strange Sentinel didn't catch it).
As punishment for not checking before I posted I have declined the temptation to delete the post |
/me slaps the Guardian
How dare thee doubt The Sentinel? Art thou mad like some rabid dog? I smite thee on both cheeks. Now begone you mindless drone before I really get provoked!
 |
Last edited by Raven on Mon Jul 05, 2004 8:06 am; edited 1 time in total |
|
|
 |
Guardian2003

|
Posted:
Mon Jul 05, 2004 7:57 am |
|
Ouch, ouch - thou hast teacheth me, tis better to have faith, than to articulate one's facial orifice from whenceforth such dire and foul smelling bovine excreta spews.
 |
|
|
|
 |
Raven

|
Posted:
Mon Jul 05, 2004 8:01 am |
|
Thou art once again welcomed in the court.  |
|
|
|
 |
|