Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Magic 8 Ball
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
sharlein
Member Emeritus



Joined: Nov 19, 2002
Posts: 322
Location: On the Road
PostPosted: Sat Oct 08, 2005 10:59 am Reply with quote
Just to let everyone know, I have received 6 hack attemps on the 8 Ball module. Sentinal has caught every one of them. I don't believe somebody would mess with Magic 8 Ball, after all, it's Magic!

Code:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Query String: www.xxxxxx.xxx/modules.php?mop=modload&name=magic_8_ball&file=index&func=answer&question=


Get String: www.xxxxxx.xxx/modules.php?mop=modload&name=magic_8_ball&file=index&func=answer&question=


Post String: www.xxxxx.xxxx/modules.php?name=gambling casino history online coupons&email=112233@332211.net&subject=gambling casino history online coupons&body=<br><h1><font size=\"5\">gambling casino history online coupons</font></h1></post> <h4>


This also includes a huge list of gambling sites or porno sites.

_________________
Give Me Ambiguity Or Give Me Something Else! 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Sat Oct 08, 2005 12:28 pm Reply with quote
no i dont think its a hack attempt but a bot thought it was guestbook.
its a attempt to post in it,something thats happening often lately.
 
View user's profile Send private message
sharlein
PostPosted: Sat Oct 08, 2005 2:43 pm Reply with quote
I think it was a hack attempt. Here is the rest of the Sentinal message:
Quote:
sc-ript>document.wri-te(\"<sty-le>body {display:none;}</sty-le><a h-ref=http://enter.want-xxx-sex.com?bts id=cl>h-ttp://enter.want-xxx-sex.com?bts</a>\");document.li-nks(\"c-l\").click();</sc-ript>
casino magic las vegas club and casino tropicana casino resort atlantic city a online gambling casino palms casino in las vegas fun casino com cashe creek casino sport gambling san felipe hollywood casino www casino careers com oneida casino green bay online gambling sports grand casino kinder louisiana grand online casino new york las vegas casino hotel casino poker strip online casino australia responsible gambling online casino roulette gambling odds online casino news venetian hotel casino las vegas casino slot poker playing horseshoe casino las vegas las vegas aladdin casino mgm grand hotel casino las vegas online gaming casino grand casino in biloxi mississippi emrald queen casino grand casino com tropicana casino in las vegas hentai poker online gambling casino new york new york casino imperial palace casino biloxi hoyle casino games casino online games frontier hotel and casino las vegas online cas! ino uk casino hotel windsor about casino gambling com grand online casino caesers palace casino casino poker games vegas casino online flamingo hotel and casino in las vegas sante fe station casino hard rock casino aruba grand resort and casino uk online casino monte carlo casino las vegas crown vegas online casino monte carlo casino hotel las vegas casino new york state le petit prince casino de paris grand banks online casinohollywood casino casino online gambling poker pages </h4><center> <a href=http://uk.geocities.com/hotelcasino6reno/online-casino-odds.htm><b>gambling online casino odds coupons</b></a> <a href=http://uk.geocities.com/bahamas3casino/online-slots-casino.htm><b>casino online slots casino online</b></a> <a href=http://uk.geocities.com/hotelcasino6reno/online-casino-list.htm><b>history online casino list gambling</b></a> <a href=http://uk.geocities.com/atlantishotel4casino/stardust-casino-las-vegas.htm><b>history stardust casino las veg! as online</b></a></center></post><map>&url=http://uk.geocities.com/hot
elcasino6reno/online-casino-coupons.htm&url_title=gambling casino history online coupons&img= Forwarded For: none Client IP: none Remote Address: 69.xxx.xxx. Remote Port: 2332 Request Method: POST


lol, I just got banned trying to post this without breaking the tags! Bang Head
 
hitwalker
PostPosted: Sat Oct 08, 2005 2:52 pm Reply with quote
No it wasnt.. Smile
They use bots that track guestbook on the internet
For some reason "IT" believes or thought your module was a guestbook.
It simply is searching for the most common fields in a guestbook.

This annoying trick is very common in the world of blogs.
But there were so many changes in the security that they can not "autopost" anymore.
I know it cause i have a blog running and still havent got an attack yet.
They probably gave up by now.

Unfortunately they have put their hopes on phpnuke now.
But you cant beat sentinel and when the word gets spread they will stop this also,but not untill they have messed up a few guestbooks...
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©