 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 362 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Site: Scan activity report |
|
 Computer Cops is offering a free service for the PHP-Nuke community to use the IP Ban list as a benchmark for your sites to follow same. Why allow these IP addresses to access your site when they only want to scan sites for possible exploits.
In addition, we found in our logs today:
[Sat Jul 5 21:50:58 2003] [error] [client 68.111.102.86] File does not exist: /www/nukecops/' . $board_config['avatar_gallery_path'] . '/' . $postrow[$i]['user_avatar'] . '
You can see this 68.111.102.86 address is scanning our site (NukeCops.com / ComputerCops.biz) for old PHP-Nuke exploits. So, we've banned that too.
|
|
Posted on Saturday, July 05 @ 22:48:13 CEST by [RETIRED]chatserv |
|
|
|
|
| |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Scan activity report (Score: 1)
by afc on Sunday, July 06 @ 00:06:24 CEST
(User Info | Send a Message) | | what software do you use to check who is scanning your ports? |
| | | | |
Re: Scan activity report (Score: 1)
by Q on Sunday, July 06 @ 00:08:43 CEST
(User Info | Send a Message) http://3GuysHosting.com | Hey that's me and I wasn't scanning anybody!!! I have been searching your board for "default_avatar" and "guest_avatar" trying to figure out why they don't work and I have been manually applying sec patch 4 but I promise I have not been trying to exploit anything!!
Now I just want to search and find out why my site won't send out new user email... |
]
Re: Scan activity report (Score: 1)
by Zhen-Xjell on Sunday, July 06 @ 10:56:50 CEST
(User Info | Send a Message) http://castlecops.com | | That was taken directly from the error_log on inspection. When one does a search the values don't get logged in the error log. It only happens when someone actually forms a URL and sends it in as a request. That line has been used in the past to change member avatars maliciously. |
]
| | | | |
Re: Scan activity report (Score: 1)
by secureoffice on Sunday, July 06 @ 11:01:29 CEST
(User Info | Send a Message) | How do you actually go about setting up that list on your server to block those IP's if you use a hosted website?
Cheers
Trix |
Re: Scan activity report (Score: 1)
by Zhen-Xjell on Sunday, July 06 @ 11:35:24 CEST
(User Info | Send a Message) http://castlecops.com | On a Linux box, you should already by default have "iptables" installed. Well, what you do is make sure its running.
Then install PortSentry, and make sure its running.
Within PortSentry are some configurations to block via iptables and also the /etc/hosts.deny file.
The hosts.deny file is a permanent ban. When the server is rebooted, the iptables entries disappear making them temporary bans.
PortSentry binds itself to any port you specify. When it picks up a port scan on the box, it places the ban in both locations on our server.
Viola |
]
| | | | | |
|
