Ravens PHP Scripts: Forums
 

 

Anders
Worker



Joined: Jun 16, 2004
Posts: 159
Location: Sweden

PostPosted: Sun Dec 30, 2012 5:41 pm Reply with quote

I get 1-80 mails every day. Why, and how do I get them off?


Code:
Created By: NukeSentinel(tm) 2.6.03

Date & Time: 2012-12-30 23:14:26 CET GMT +0100
Blocked IP: 37.59.251.137
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
Referer: on site
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
HTTP Host: shadowhunters.se
Script Name: /ddt/modules.php
Query String: name=Your_Account&op=new_user
Get String: &name=Your_Account&op=new_user
Post String: &__csrf_magic=sid:1215674eaa6ca546eb2f170e7fee3fa77f2fefe4,1356905654&errormsg=ERROR:+Your+registration+has+been+blocked+by+our+spam+filter.+If+you+feel+this+is+incorrect,+please+contact+the+site+administrator+for+resolution:++<script+type=\"text/javascript\">+//<![CDATA[+eAdd=\"admin\"++eDom+=+\"shadowhunters.se\"+document.write(\'<A+href=\"mailto:\'+++eAdd+++\'@\'+++eDom+++\'\">\'+++eAdd+++\'@\'+++eDom+++\'<\\/a><span+style=\"display:none\">\')+//]]>+</script>+Please+enable+JavaScript+to+contact+us.+<script+type=\"text/javascript\">+//<![CDATA[+document.write(\'<\\/span>\')+//]]>+</script>+<br+/>&op=new_user&ya_username=DirkRhea&ya_realname=Dirk+Rhea&ya_user_email=musielakxue@hotmail.com&ya_user_email2=musielakxue@hotmail.com&user_password=YHq7HYNSLs&user_password2=YHq7HYNSLs&femail=&user_website=&user_icq=&user_aim=&user_yim=&user_msnm=&user_from=&user_occ=&user_interests=&newsletter=0&user_viewemail=0&user_allow_viewonline=1&user_sig=&bio=&submit=Go+Back
Forwarded For: none
Client IP: none
Remote Address: 37.59.251.137
Remote Port: 47464
Request Method: POST
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sun Dec 30, 2012 7:00 pm Reply with quote

Couple things to consider:

1) Are you sure that your block settings are set so that the IP addresses are being written into the .htaccess file? If you have NS set to only send you an email and not block, this isn't going to stop.

2) Keep watch on the IP addresses and see if you can identify some patterns, such as a bunch coming from one subnet. Block the entire subnet rather than just rely on individual IP address blocks.

Since I own my own dedicated server, I will do 2) and then block at the server level... but, not too many people have this flexibility.

good luck!

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
spasticdonkey
RavenNuke(tm) Development Team



Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Sun Dec 30, 2012 9:46 pm Reply with quote

I tried registering at your site without problems, just to make sure. Have you added some type of spam protection? Curious about the "Your+registration+has+been+blocked+by+our+spam+filter" string. It's possible the message itself trips the sentinel block, if that's even what you are doing...

You might try out nukeSPAM which will help block some registrations and hence reduce the number of blocked emails you get.
 
Anders







PostPosted: Mon Dec 31, 2012 12:33 am Reply with quote

Hi
I already have that, but the weird thing is I did get 49 mails from the same IP, just different



Code:
Post String: &__csrf_magic=sid:1215674eaa6ca546eb2f170e7fee3fa77f2fefe4,1356905654&errormsg=ERROR:+Your+registration+has+been+blocked+by+our+spam+filter.+If+you+feel+this+is+incorrect,+please+contact+the+site+administrator+for+resolution:++<script+type=\"text/javascript\">+//<![CDATA[+eAdd=\"admin\"++eDom+=+\"shadowhunters.se\"+document.write(\'<A+href=\"mailto:\'+++eAdd+++\'@\'+++eDom+++\'\">\'+++eAdd+++\'@\'+++eDom+++\'<\\/a><span+style=\"display:none\">\')+//]]>+</script>+Please+enable+JavaScript+to+contact+us.+<script+type=\"text/javascript\">+//<![CDATA[+document.write(\'<\\/span>\')+//]]>+</script>+<br+/>&op=new_user&ya_username=DirkRhea&ya_realname=Dirk+Rhea&ya_user_email=musielakxue@hotmail.com&ya_user_email2=musielakxue@hotmail.com&user_password=YHq7HYNSLs&user_password2=YHq7HYNSLs&femail=&user_website=&user_icq=&user_aim=&user_yim=&user_msnm=&user_from=&user_occ=&user_interests=&newsletter=0&user_viewemail=0&user_allow_viewonline=1&user_sig=&bio=&submit=Go+Back



Code:
Post String: &__csrf_magic=sid:96d037c9859708a1039e755d7c7f30983c06a8d6,1356919489&errormsg=ERROR:+Your+registration+has+been+blocked+by+our+spam+filter.+If+you+feel+this+is+incorrect,+please+contact+the+site+administrator+for+resolution:++<script+type=\"text/javascript\">+//<![CDATA[+eAdd=\"admin\"++eDom+=+\"shadowhunters.se\"+document.write(\'<A+href=\"mailto:\'+++eAdd+++\'@\'+++eDom+++\'\">\'+++eAdd+++\'@\'+++eDom+++\'<\\/a><span+style=\"display:none\">\')+//]]>+</script>+Please+enable+JavaScript+to+contact+us.+<script+type=\"text/javascript\">+//<![CDATA[+document.write(\'<\\/span>\')+//]]>+</script>+<br+/>&op=new_user&ya_username=LillieDay&ya_realname=Lillie+Day&ya_user_email=1mailb@flashseo.info&ya_user_email2=1mailb@flashseo.info&user_password=pwLM4AIs&user_password2=pwLM4AIs&femail=&user_website=&user_icq=&user_aim=&user_yim=&user_msnm=&user_from=&user_occ=&user_interests=&newsletter=0&user_viewemail=0&user_allow_viewonline=1&user_sig=&bio=&submit=Go+Back



On every mail


Code:
deny from 81.177.170.90

deny from 5.39.91.115
deny from 91.121.97.110
deny from 46.29.255.228
deny from 204.93.60.205
deny from 216.36.59.239
deny from 216.151.130.99
deny from 173.213.93.66
deny from 199.180.119.208
deny from 91.236.74.124
deny from 88.190.16.36
deny from 46.37.162.70
deny from 178.32.226.189
deny from 178.216.48.41
deny from 197.251.137.18
deny from 46.37.165.22
deny from 197.251.137.18
deny from 192.119.154.172
deny from 188.165.236.91
deny from 108.59.250.85
deny from 94.23.31.202
deny from 69.64.48.212
deny from 91.236.74.117
deny from 64.120.63.199
deny from 37.59.84.190
deny from 37.59.247.3
deny from 86.93.9.77
deny from 46.227.68.222
deny from 194.71.222.245
deny from 186.93.9.77
deny from 91.192.111.191
deny from 195.78.231.115
deny from 91.236.74.125
deny from 202.28.77.79
deny from 176.31.231.148
deny from 95.141.115.104
deny from 87.253.162.9


Those are the worst IPs.
From them I have got over 20 mails from each.
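
montego's point 2 (look for several blocked addresses in one subnet and block the subnet instead) applied to a few of the addresses from the deny list above. This is an added example, not part of the original posts or of NukeSentinel; the function names, the /24 grouping and the threshold of 2 hosts are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the "deny from" lines quoted in the thread.
HTACCESS = """\
deny from 91.236.74.124
deny from 91.236.74.117
deny from 91.236.74.125
deny from 37.59.84.190
deny from 37.59.247.3
deny from 197.251.137.18
deny from 197.251.137.18
deny from 202.28.77.79
"""

def parse_denies(text):
    """Return the unique IPv4 addresses from single-host 'deny from' lines."""
    ips = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and [p.lower() for p in parts[:2]] == ["deny", "from"]:
            try:
                ips.add(ipaddress.IPv4Address(parts[2]))
            except ipaddress.AddressValueError:
                pass  # skip anything that is not a plain IPv4 address
    return ips

def collapse(ips, prefix=24, threshold=2):
    """Emit one CIDR rule where >= threshold hosts share a /prefix network."""
    groups = defaultdict(set)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[net].add(ip)
    rules = []
    for net in sorted(groups):
        hosts = groups[net]
        if len(hosts) >= threshold:
            rules.append(f"deny from {net}")  # Apache accepts CIDR here
        else:
            rules.extend(f"deny from {ip}" for ip in sorted(hosts))
    return rules

if __name__ == "__main__":
    print("\n".join(collapse(parse_denies(HTACCESS))))
```

Calling collapse with prefix=16 also merges the two 37.59.x.x hosts into one rule, but a wider range shuts out every legitimate visitor inside it as well.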
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Mon Dec 31, 2012 5:49 pm Reply with quote

This looks like it is generated by nukeSPAM, specifically, one of the blacklists used by nukeSPAM.
I couldn't say if Sentinel is tripping up because of something in the string generated by nukeSPAM or whether it is actually designed that way so NS can put a physical block on the user.
Maybe as a trial you could disable all the blacklists except for Project Honeypot and see what happens, but I think the only way you are going to get any peace is by changing the script blocker setting so it doesn't email you.
 
Anders







PostPosted: Wed Jan 02, 2013 2:31 am Reply with quote

OK, I have set it so it doesn't send me any mail and just blocks them in .htaccess...

But why did it just start? Confused
 
montego







PostPosted: Wed Jan 02, 2013 2:01 pm Reply with quote

One never knows why... Sad
 
All times are GMT - 6 Hours
 