| Author |
Message |
sharlein
Member Emeritus
Joined: Nov 19, 2002
Posts: 322
Location: On the Road
|
 Posted:
Mon Jun 21, 2004 7:11 am |
|
I am wondering what is actually happening here. On June 9th I received this warning:| Quote: | Date & Time: 2004-06-09 10:06:48
Blocked IP: unknown...
User ID: Anonymous (1)
Reason: Abuse - AGENT
--------------------
User Agent: WebZIP/4.21 (http://www.spidersoft.com)
Query String: www.sharlein.net/index.php
Forwarded For: unknown
Client IP: none
Remote Address: 202.6.239.19
Remote Port: 50809
Request Method: GET
|
I believe this was generated by Sentinel™, as it was automatically added to the ban list. Then on June 20th I received this warning:| Quote: | 212.253.212.91
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 212.0.0.0 - 212.255.255.255
CIDR: 212.0.0.0/8
NetName: RIPE-NCC-212
NetHandle: NET-212-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS2.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH03.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-11-14
Updated: 2004-03-16
DOCUMENT_ROOT : /xx/xx/public_html
HTTP_ACCEPT : image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* HTTP_ACCEPT_ENCODING : gzip, deflate HTTP_ACCEPT_LANGUAGE : tr HTTP_CONNECTION : Keep-Alive HTTP_COOKIE : wbdtrack=1 HTTP_HOST : www.sharlein.net HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) PATH : /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
REMOTE_ADDR : 212.253.212.91
REMOTE_HOST : asy91.as253212.sol.superonline.com
REMOTE_PORT : 3077
SCRIPT_FILENAME : /xx/xx/public_html/hackattempt.php
SERVER_ADDR : 65.254.38.234
SERVER_ADMIN : webmaster@sharlein.net
SERVER_NAME : www.sharlein.net
SERVER_PORT : 80
SERVER_SIGNATURE : Apache/1.3.31 Server at www.sharlein.net Port 80
SERVER_SOFTWARE : Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.6 FrontPage/5.0.2.2634a mod_ssl/2.8.18 OpenSSL/0.9.7a GATEWAY_INTERFACE : CGI/1.1 SERVER_PROTOCOL : HTTP/1.1 REQUEST_METHOD : GET QUERY_STRING : op=AddAuthor&add_aid=hack&add_name=God&add_pwd=hack1&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
REQUEST_URI : /hackattempt.php?op=AddAuthor&add_aid=hack&add_name=God&add_pwd=hack1&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
SCRIPT_NAME : /hackattempt.php
PATH_TRANSLATED : /xx/xx/public_html/hackattempt.php
PHP_SELF : /hackattempt.php
argv : Array
argc : 1
|
I think this one came from hackattempt, it was not added to ban list. Did this hack make it through Sentinel™, and then was caught by hackattempt? I have the the 'includes/Sentinal on the first line of the mainfile. Thank you, Steve |
_________________
Give Me Ambiguity Or Give Me Something Else! |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Jun 21, 2004 7:14 am |
|
No, it never made it to Sentinel™ because you have the HA call before mainfile.php is called, which in turn calls Sentinel™  . Just remove (or comment out) the HA script code in admin.php. Then Sentinel™ will get called through mainfile.php and all will be well  There is no need for HA as long as you are using Sentinel™. |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jun 21, 2004 7:17 am |
|
Thank you very much, Raven. I will do that right now.  |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jun 21, 2004 8:17 am |
|
I got everything put back together. Everything worked fine at Brokenpeggers, but now I get this error on my siteCode:Fatal error: Call to undefined function: abget_configs() in /home/sharlein/public_html/admin/modules/sentinel.php on line 32
|
Where did I go wrong? Thank you, Steve   |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jun 21, 2004 8:23 am |
|
You haven't placed the include("includes/sentinel.php"); statement in your mainfile.php. |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jun 21, 2004 9:11 am |
|
I already had it in there, so I moved it lower. Same error. Here are a couple lines from my mainfileCode: //include("includes/sentinel.php");
// Raven http://ravenphpscripts.com
//$queryString = strtolower($_SERVER['QUERY_STRING']);
//if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
//header("Location: hackattempt.php?$queryString");
//die();
//}
include("includes/sentinel.php");
$phpver = phpversion();
|
|
| |
|
|
|
|
Raven
|
| Posted:
Mon Jun 21, 2004 9:25 am |
|
Try deleting all the code that you have commented out (those 7 lines). I can't tell from this what may be wrong, but that error means that the include is not including. |
| |
|
|
|
|
sharlein
|
| Posted:
Mon Jun 21, 2004 9:49 am |
|
Many thanks Raven. I removed those lines, and decided to check on includes/sentinel.php. To my surprise and dismay, it was a zero bytes file. I re-upload it and everything is fine. (Please don't ask how it got that way, I have no clue. ) Your student, Steve |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jun 21, 2004 9:52 am |
|
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
