Author |
Message |
sharlein
Member Emeritus

Joined: Nov 19, 2002
Posts: 322
Location: On the Road
|
Posted:
Mon Feb 09, 2004 1:34 pm |
|
Raven, is this script designed to work with 6.5? I have tried both lines added to the mainfile, one on each site, no luck. Thank you, Steve |
_________________ Give Me Ambiguity Or Give Me Something Else! |
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Mon Feb 09, 2004 2:52 pm |
|
Yes. It shouldn't matter. It's not a nuke script - it's php. |
|
|
|
 |
Raven

|
Posted:
Mon Feb 09, 2004 2:58 pm |
|
|
|
 |
sharlein

|
Posted:
Mon Feb 09, 2004 3:34 pm |
|
I just tried it with your link, it worked. Thank you. |
|
|
|
 |
Raven

|
Posted:
Mon Feb 09, 2004 3:42 pm |
|
What was the link you were trying that wasn't working? Maybe there's a bug? |
|
|
|
 |
sharlein

|
Posted:
Mon Feb 09, 2004 3:43 pm |
|
Raven, you are a lifesaver. Do you remember that blackmail attempt we talked about? I just received 5 hack attempts from the same person. I will forward them so you can see them. I would like to get this guy if we can. I can't thank you enough - Steve |
|
|
|
 |
Raven

|
Posted:
Mon Feb 09, 2004 3:49 pm |
|
Well, you got me. That's my IP. Send in the clowns. I'm caught. Chat, the site's yours  |
|
|
|
 |
sharlein

|
Posted:
Mon Feb 09, 2004 3:59 pm |
|
I better remove you from my banned list. The script worked perfectly. I highly recommend it to anyone and everyone! Steve |
|
|
|
 |
Raven

|
Posted:
Mon Feb 09, 2004 4:20 pm |
|
Thank you  |
|
|
|
 |
chatserv
Member Emeritus

Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
Posted:
Mon Feb 09, 2004 4:24 pm |
|
Raven, you have the right to remain silent, anything you say can and will be used against you...
Cuff him Sharlein. |
|
|
|
 |
Raven

|
Posted:
Mon Feb 09, 2004 4:35 pm |
|
|
|
 |
sharlein

|
Posted:
Mon Feb 09, 2004 6:28 pm |
|
|
|
 |
Lateron
Worker


Joined: May 10, 2003
Posts: 119
Location: Katoomba, NSW, Australia.
|
Posted:
Mon Feb 09, 2004 10:35 pm |
|
Raven,
May I suggest you change Sharlein's URL in the third message from the top to yourdomain.com or something?
I have just installed the hack and went to copy the URL to test my site and before I could change domain name to mine, the URL had been actioned and I got the hack page and Sharlein would have got a worrying email.
Thanks, Raven.
Cheers,
Ron... |
|
|
|
 |
paranor
Worker


Joined: Aug 28, 2003
Posts: 227
|
Posted:
Tue Feb 10, 2004 7:55 pm |
|
|
|
 |
Raven

|
Posted:
Tue Feb 10, 2004 8:02 pm |
|
|
|
 |
paranor

|
Posted:
Tue Feb 10, 2004 8:10 pm |
|
You mean test it? I *just* noticed it's the same as what's in your install document in the hackattempt.php program.
Speaking of that, the install document has a "/php/" in the URL. I had to remove that to test it. Typo? |
|
|
|
 |
Raven

|
Posted:
Tue Feb 10, 2004 8:14 pm |
|
If you put that code in mainfile.php it will trap all of the 'union' exploits.
Yes, the php is a leftover. I will fix it. |
|
|
|
 |
Ronin
New Member


Joined: Jul 30, 2003
Posts: 8
|
Posted:
Wed Feb 11, 2004 6:28 pm |
|
Hi guys,
Here's the top of my mainfile.php:
Code:
<?php
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: hackattempt.php/");
|
If I browse to mydomain.com/hackattempt.php I see the warning and get an email. However I can't seem to trigger it with my URL and the path shown in the INSTALL file:
Quote: | http://www.DOMAIN.COM/modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select |
Any ideas? This is a nuke6.5 machine.
Cheers,
Ronin |
Last edited by Ronin on Wed Feb 11, 2004 6:45 pm; edited 1 time in total |
|
|
 |
Raven

|
Posted:
Wed Feb 11, 2004 6:39 pm |
|
Try removing the trailing slash. |
|
|
|
 |
Ronin

|
Posted:
Wed Feb 11, 2004 6:45 pm |
|
|
|
 |
qdog
New Member


Joined: Feb 12, 2004
Posts: 9
|
Posted:
Thu Feb 12, 2004 10:25 am |
|
Raven,
First thanks for another great script!!!
Next a quick question...
I have tried:
header("Location: hackattempt.php/")
header("Location: hackattempt.php")
And get page not found.
It works when I change it to this:
header("Location: http://www.mydomain.net/hackattempt.php")
Any problems with doing this? |
|
|
|
 |
Raven

|
Posted:
Thu Feb 12, 2004 10:35 am |
|
None at all. It is browser dependent and the fully qualified url is the RFC standard anyway  |
|
|
|
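An added example, not part of the thread and not Raven's script: the mainfile.php check from the posts above, written to match on the decoded query string, redirect with a fully qualified URL, and stop the request once the redirect is sent. The function names, the TRAP_HOST constant and the www.mydomain.net value are assumptions; the sample query strings are constructed, the first from the INSTALL URL quoted above.

```php
<?php
// Added example (hypothetical helper names), not the script discussed in the thread.

// Assumption: the site's own host name, fixed in configuration rather than
// taken from the request's Host header.
const TRAP_HOST = 'www.mydomain.net';

// Decode the query string and collapse whitespace before matching, so the
// test does not depend on how the spaces around "union" were encoded.
function is_union_probe(string $rawQuery): bool
{
    $decoded    = urldecode($rawQuery);                 // "%20" and "+" both become " "
    $normalized = preg_replace('/\s+/', ' ', $decoded); // tabs/newlines/runs -> one space
    return stripos($normalized, ' union ') !== false;   // case-insensitive, like stristr()
}

// Fully qualified Location target, as settled on in the thread.
function trap_url(string $host): string
{
    return 'http://' . $host . '/hackattempt.php';      // no trailing slash
}

if (PHP_SAPI !== 'cli') {
    // Web request: this is the part that would sit at the top of mainfile.php.
    if (is_union_probe($_SERVER['QUERY_STRING'] ?? '')) {
        header('Location: ' . trap_url(TRAP_HOST));
        exit; // header() alone does not stop the script; exit keeps the module from running
    }
} else {
    // Command line: run the check over constructed sample query strings.
    $samples = [
        'name=Web_Links&l_op=viewlink&cid=1%20union%20select', // from the INSTALL URL
        'name=Web_Links&l_op=viewlink&cid=1+union+select',     // same request, form-style spaces
        'name=Web_Links&l_op=viewlink&cid=1',                  // normal link view
        'name=News&file=article&sid=12',                       // normal article view
    ];
    foreach ($samples as $query) {
        printf("%-55s %s\n", $query, is_union_probe($query) ? 'TRAP' : 'pass');
    }
}
```

This is a tripwire for logging and alerting; numeric parameters such as cid still need to be validated in the module that uses them.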
 |
qdog

|
Posted:
Thu Feb 12, 2004 10:39 am |
|
Cool, thanks for the quick reply  |
|
|
|
 |
Lateron

|
Posted:
Fri Feb 13, 2004 4:17 am |
|
Raven,
I got past the page not found error by using:
header("Location: http://www.mydomain.net/hackattempt.php")
However now I am getting:
Unable to query WhoIs information for 203.xxx.xxx.xxx.
I have had several union attacks today and they were stopped by Protector but I would like to get your system working.
Cheers,
Ron.... |
|
|
|
 |
Raven

|
Posted:
Fri Feb 13, 2004 5:52 am |
|
Send me the actual IP and I will check into it. |
|
|
|
 |
|