Trying to learn and understand

Posted: Sat Mar 08, 2008 11:19 am

Running NukeSentinel(tm) 2.5.16 and RavenNuke_v2.20.00.

I got a Blocked abuse and trying to understand whats its all about. Maybe some of you guys can assist me.
It read as follows:

Quote:

Date & Time: 2008-03-06 15:10:23 CET GMT +0100
Blocked IP: 81.169.168.*
User ID: Gäst (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007
Query String: www*.mysite.com/index.php?redir=<removed by admin>???
Get String: www*.mysite.com/index.php?redir=<removed by admin>???
Post String: www*.mysite.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 81.169.168.26
Remote Port: 29272
Request Method: GET

I follow the link <removed by admin>??? and it reurned this:

Code:

<removed by admin>


Sorry, but I don't want that code here.

registered · Posted: Sat Mar 08, 2008 2:04 pm

They are trying to run a script located on a remote server on your server. Sentinel blocked it. You are looking at the remote script, and as you can see, it is just issuing a series of tests, trying to see how your server is configured and if it has any exploitable features.

Fun huh? Sad

registered · Posted: Sat Mar 08, 2008 3:19 pm

For future reference folks, please do not post exploits in an open forum. If you would like for us to look at something, that is an acceptable use of PM. I have removed much of the posted details. Thanks.

registered · Posted: Sat Mar 08, 2008 4:33 pm

Look up Remote File Inclusion and you'll understand how it works

Posted: Sun Mar 09, 2008 12:53 pm

montego.. I apoligise for posting the exploit, It wont happen again.

evaders99, thank for the tip.
Gremmie, I agree.

Thanks for the info regarding my question.