You are missing our premiere tool bar navigation system! Register and use it for FREE!

•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: Evaders99PostPosted: Sun May 27, 2007 5:19 pm    Post subject:

Never seen exactly this type, probably a forums spammer. It is just a very weird query string

Author: khizerkPostPosted: Sun May 27, 2007 10:57 pm    Post subject:

yup looks like a flood/spam attempt to me to. He tried in a quick succession (around 2-4 seconds between each attempt), each from a different ip.

Author: Evaders99PostPosted: Mon May 28, 2007 2:55 pm    Post subject:

I'll keep an eye out, but not sure there's anything you can do

Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Page 1 of 1

Powered by phpBB © 2001,2002 phpBB Group
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
· Home
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 270 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Anything else I could do about this? Anything else I could do about this?

Nuke Cops -> Nuke Security

Author: khizerk PostPosted: Sun May 27, 2007 6:29 am    Post subject: Anything else I could do about this?

My site got hacked by some turkish hacking clan recently. After that I patched nuke (7.Cool and installed sentinel. I still get a few hacking attempts each week, but this one particular hacking attempt is coming almost everyday. Initially I didnt even think it was a hacking attempt, thought maybe it was some query caught up in sentinel but last night, this attempt was made from 10 different ips in succession. Here are the details:
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Query String:[PLM=0][R]+GET+ target=_blank href="[0,16550,634]+-">[0,16550,634]+->+[R]+POST+[0,11961,20331]+->+[L]+POST+[0,0,18666]+->+[L]+GET+[R=302][0,0,184]+->+[L]+GET+[0,0,30320]+->+[N]+GET+[0,35264,45487]+->+[N]+POST+[19919,0,22834]
Get String:
[19919,0,22834]&mode=newtopic&f=6 [0,35264,45487] -> [N] POST
[0,0,30320] -> [N] GET
Post String:
Forwarded For: none
Client IP: none
Remote Address:
Remote Port: 2530
Request Method: GET

They always involve teh username=Gromeron

I am just wondering is there anything else I can do with this?, yes sentinel is blocking it but he could get in trying different techniques no?. Sorry I am a bit paranoid now.
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.449 Seconds - 346 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded ( ::