| Author |
Message |
mds
Client
Joined: Dec 24, 2004
Posts: 194
Location: Michigan
|
 Posted:
Wed Jul 20, 2005 9:24 pm |
|
#1
sentinal has been doing its job and blocking from the following :
is this some sort of worm attack again ?
Date & Time: 2005-07-19 20:36:12 PDT GMT -0700
Blocked IP: 62.236.56.36
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0
Query String: www.xx.com/modules.php?name=Forums&file=viewtopic&t=2981&highlight=\'.system(getenv(HTTP_PHP)).\'
Get String: www.xx.com/modules.php?name=Forums&file=viewtopic&t=2981&highlight=\'.system(getenv(HTTP_PHP)).\'
Post String: www.xx.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 62.236.56.36
Remote Port: 49727
Request Method: GET
------------------------------------------------------------------------------
#2
there is a couple factors that tie in all at once....one i upgraded to 7.6 patched 2.9 full from nuke resources .com and 2 i noticed bout the same time i was getting the banned emails from sentinal....
my question is has anybody had an issue with 7.6 patched 2.9 full maxing out the DB querys at 50,000 or is it the attack im under doing it ? |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Jul 21, 2005 10:18 am |
|
You hosting with iPowerweb by any chance?
If you have IP Tracking on and your site is fairly active, you could max out that many queries. That query looks very suspicious to me. But, it could be that someone is trying to search for that phrase. |
| |
|
|
|
|
count
New Member
Joined: Jun 23, 2005
Posts: 16
|
| Posted:
Thu Jul 21, 2005 3:32 pm |
|
Is iPowerweb the only host that has this 50k query limit ? |
| |
|
|
|
|
Raven
|
| Posted:
Thu Jul 21, 2005 4:32 pm |
|
I can't say for sure but I get MANY new hosting clients because of that ridiculously low limit  |
| |
|
|
|
|
count
|
| Posted:
Thu Jul 21, 2005 5:22 pm |
|
Knew there had to be some catch to that ridiculously low per month price and massive amount of space |
| |
|
|
|
|
Raven
|
| Posted:
Thu Jul 21, 2005 6:47 pm |
|
Yep. It's like being sold a Ferrari and having a throttle blocker on it. All the potential is of no use. |
| |
|
|
|
|
mds
|
| Posted:
Thu Jul 21, 2005 9:32 pm |
|
| Raven wrote: | You hosting with iPowerweb by any chance?
|
yes
| Raven wrote: | | That query looks very suspicious to me |
for this when ive run the IP in dnsstuff.com all IP's that have been blocked have been from other countries...only a couple of the IP's where tracked to the same country... |
| |
|
|
|
|
count
|
| Posted:
Sat Jul 23, 2005 6:17 pm |
|
Could not read the user_nuke.nuke_authors table : User 'user_username' has exceeded the 'max_questions' resource (current value: 50000)
Feeling that govener now 
You jinx'd me |
| |
|
|
|
|
Raven
|
| Posted:
Sat Jul 23, 2005 6:56 pm |
|
 - Come on over to unlimited queries/questions  |
| |
|
|
|
|
count
|
| Posted:
Sun Jul 24, 2005 1:05 am |
|
Already been reading up on it |
| |
|
|
|
|
mds
|
| Posted:
Mon Aug 15, 2005 10:41 pm |
|
ok found my issue  i had used 1 username for 2 DB's ...so when i changed to a new 1 all is good again......
on another note sentinal is working excellent as well ....it blocked an attempt to change the god admin info from a hacker...and my site stayed up this time |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
