massive attacks on My_eGallery

Sells PC To Pay For Divorce Joined: Posts: 5661

everybody with My_eGallery ,heavy attacks are going on at this moment.
doesnt mean your next but be warned...
they tried about 80 x by now...
but i dont have My_eGallery....lol

target is ....My_eGallery/public/displayCategory.php?basepathxxxxx etc..

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

I've seen than on sites that have neither Nuke nor My_eGallery. Pretty pathetic, really. I mean, do a little research! I've thought about putting a honeypot on some sites. Just goes to show that kids have nothing better to do in the summer!

Worker Joined: May 18, 2005 Posts: 119 Location: SVCDPlaza

The same here and al lot of attacks on 4nalbum and coppermine and sins 2 days Forums/admin/index.php?phpbb_root_path and the all are from turkey.

Posted: Tue Jun 13, 2006 4:02 am

yeah nice huh,got another 40 while i was sleeping..... Laughing

should i publish a news story "i dont have My_eGallery" ?

Posted: Tue Jun 13, 2006 8:24 am

That doesn´t help Hitwalker because nobody reads the story about your installed modules. The most attacks are more automatic therefore the Hackers will never visit you site. You know this also. Smile

But if you ever had such a module installed there are probably after some years still links to your website on some search engines.

So "Think before you install !" if you really need this module, addon or whatever.

Posted: Tue Jun 13, 2006 9:13 am

ah susann...you missed the humor in my post... Sad

but i also never had My_eGallery installed...
that they do this by remote i know,topic was just to warn others...

Posted: Tue Jun 13, 2006 9:28 am

I ´m sure that topic helps some people in any way. Believe it or not I found a page and he published an admin message like" I don´t have such modules installed" however, sometimes it´s possible to talk back to hackers and it would be great if the phrase:" The hackers from today are the security experts from tomorrow" is really true.

The meaning of the word hacker we discussed already. Wink

Posted: Tue Jun 13, 2006 11:52 am

<?php
$ip = '216.255.189.226';
$host = gethostbyaddr($ip);
if (preg_match('#([a-z0-9_\-]+\.([a-z]{2,5}|[a-z]{2,3}\.[a-z]{2,3}))$#i',$host,$match)) {
mail($match[1],"one of your customers tried to hack our website using IP $ip on date $time");
}

good luck Laughing

Posted: Tue Jun 13, 2006 12:12 pm

An interesting approach, djmaze. I think it would be more effective to try something like this when abuse occurs using a file hosted on another website...

Posted: Tue Jun 13, 2006 9:12 pm

There were at least 10 different sites hosting attacks on nukeSEO.com today. All standard script kiddie stuff - no creativity, all blocked, some of them tried the same attack 100 times - with various IP addresses (isn't blocking pointless?). We'll see how many of these sites are online tomorrow...

One interesting note, a couple of the attacks appeared to be hosted on legitimate sites that were themselves attacked unknowingly. The attack script was uploaded to these sites (e.g. through SPAW in one case!) without the owners realizing their sites were being used to launch attacks against other sites. I gave those owners a chance to fix the problem before I did...

Posted: Wed Jun 14, 2006 4:37 am

your so kind.... killing me

Posted: Wed Jun 14, 2006 9:11 am

kguske wrote:

An interesting approach, djmaze. I think it would be more effective to try something like this when abuse occurs using a file hosted on another website...

Doesn't matter which kind of attack as long as the ip resolves to a hostname.
The mailed host wether a website or a ISP knows that something happens from their system either thru illegal scripts or just bad customers.

Posted: Wed Jun 14, 2006 9:19 am

Unless the IP is spoofed...

Posted: Wed Jun 14, 2006 10:56 am

Update: 5 of the 10 sites that attacked nukeSEO.com yesterday have already been shut down. One who was unwillingly hosting the attacks has secured his site. 4 more to go!