Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

What is this???
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
izone
Involved
Involved



Joined: Sep 07, 2004
Posts: 354
Location: Sweden
PostPosted: Tue Mar 08, 2005 3:51 pm Reply with quote
Hi.

Today my Hosting shoted down my accout for a few hours and when I asked why they said that a spider or bot is causing server to explo!!!! and they are on my site.

They send me a part of the log file which is like this:

63.110.140.28 - - [08/Mar/2005:01:16:41 +0100] "GET / HTTP/1.0" 200 178 "-"
"OXOXOXO"
216.148.244.89 - - [08/Mar/2005:01:16:41 +0100] "GET / HTTP/1.0" 200 178 "-"
"OXOXOXO"
193.188.105.9 - - [08/Mar/2005:01:16:41 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
200.171.46.167 - - [08/Mar/2005:01:16:42 +0100] "GET / HTTP/1.0" 200 178 "-"
"OXOXOXO"
193.188.105.9 - - [08/Mar/2005:01:16:42 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
82.129.167.165 - - [08/Mar/2005:01:16:43 +0100] "GET / HTTP/1.0" 200 28666
"-" "OXOXOXO"
218.57.243.3 - - [08/Mar/2005:01:16:43 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
193.188.105.9 - - [08/Mar/2005:01:16:43 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
63.110.140.28 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.0" 200 101988
"-" "OXOXOXO"
82.116.140.41 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
219.166.122.250 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.0" 200 178
"-" "OXOXOXO"
193.188.105.9 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
81.138.10.219 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
200.251.193.2 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.0" 200 178 "-"
"OXOXOXO"
193.188.105.9 - - [08/Mar/2005:01:16:44 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"
82.194.62.9 - - [08/Mar/2005:01:16:45 +0100] "GET / HTTP/1.1" 200 190 "-"
"OXOXOXO"

and they say that the log file for today is about 40 000 lines!!!!!

Could anyone PLEASE help me to understand what is going on!!!???

How can spiders do this to me?

the site is down again and Nuke has no contact with the database.

Thank for all kind of helps.

Best Regards
 
View user's profile Send private message
izone
PostPosted: Tue Mar 08, 2005 4:32 pm Reply with quote
Hello again.

I've got this message from Sentinel:

Quote:

Date & Time: 2005-03-08 22:35:23
Blocked IP: 168.143.113.125
User ID: Anonymous (1)
Reason: Abuse-Harvest
String Match: turing machine
--------------------
User Agent: OXOXOXO/4.78 (TuringOS; Turing Machine; 0.0)
Query String: www.iranyad.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 168.143.113.125
Remote Port: 41875
Request Method: GET
--------------------
WHOIS Data
WHOIS results for 168.143.113.125
Generated by www.DNSstuff.com

Country: UNITED STATES

Anonymous IP: All Nettools

NOTE: More information appears to be available at VIA4-ORG-ARIN.

Using 0 day old cached answer (or, you can get fresh results).
Displaying E-mail address (use sparingly -- this will make it more likely that you will trigger our rate limiting system).

OrgName: Verio, Inc.
OrgID: VRIO
Address: 8005 South Chester Street
Address: Suite 200
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US

ReferralServer: rwhois://rwhois.verio.net:4321/

NetRange: 168.143.0.0 - 168.143.255.255
CIDR: 168.143.0.0/16
NetName: VRIO-168-143
NetHandle: NET-168-143-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
NameServer: NS3.VERIO.NET
NameServer: NS4.VERIO.NET
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.verio.net port 4321
Comment: ********************************************
RegDate: 1994-05-13
Updated: 2005-03-02

TechHandle: VIA4-ORG-ARIN
TechName: Verio, Inc.
TechPhone: +1-303-645-1900
TechEmail: vipar@verio.net

OrgAbuseHandle: VAC5-ARIN
OrgAbuseName: Verio Abuse Contact
OrgAbusePhone: +1-800-551-1630
OrgAbuseEmail: abuse@verio.net

OrgNOCHandle: VSC-ARIN
OrgNOCName: Verio Support Contact
OrgNOCPhone: +1-800-551-1630
OrgNOCEmail: support@verio.net

OrgTechHandle: VIA4-ORG-ARIN
OrgTechName: Verio, Inc.
OrgTechPhone: +1-303-645-1900
OrgTechEmail: vipar@verio.net

# ARIN WHOIS database, last updated 2005-03-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

(C) Copyright 2000-2005 R. Scott Perry


I don't know if anybody else has the same problem?

Please help.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©