You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: Evaders99PostPosted: Sun May 27, 2007 5:19 pm    Post subject:

Never seen exactly this type, probably a forums spammer. It is just a very weird query string

Author: khizerkPostPosted: Sun May 27, 2007 10:57 pm    Post subject:

yup looks like a flood/spam attempt to me to. He tried in a quick succession (around 2-4 seconds between each attempt), each from a different ip.

Author: Evaders99PostPosted: Mon May 28, 2007 2:55 pm    Post subject:

I'll keep an eye out, but not sure there's anything you can do



Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Page 1 of 1

Powered by phpBB © 2001,2002 phpBB Group
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 270 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Anything else I could do about this? Anything else I could do about this?

Nuke Cops -> Nuke Security

Author: khizerk PostPosted: Sun May 27, 2007 6:29 am    Post subject: Anything else I could do about this?

My site got hacked by some turkish hacking clan recently. After that I patched nuke (7.Cool and installed sentinel. I still get a few hacking attempts each week, but this one particular hacking attempt is coming almost everyday. Initially I didnt even think it was a hacking attempt, thought maybe it was some query caught up in sentinel but last night, this attempt was made from 10 different ips in succession. Here are the details:
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Query String:
www.mobilejunkies.net/modules.php?name=Forums&file=posting&mode=newtopic&f=6+[PLM=0][R]+GET+ target=_blank href="http://www.mobilejunkies.net/modules.php?name=Your_Account&op=new_user+[0,16550,634]+-">http://www.mobilejunkies.net/modules.php?name=Your_Account&op=new_user+[0,16550,634]+->+[R]+POST+http://www.mobilejunkies.net/modules.php?name=Your_Account+[0,11961,20331]+->+[L]+POST+http://www.mobilejunkies.net/modules.php?name=Your_Account+[0,0,18666]+->+[L]+GET+http://www.mobilejunkies.net/modules.php?name=Your_Account+[R=302][0,0,184]+->+[L]+GET+http://www.mobilejunkies.net/modules.php?name=Your_Account&op=userinfo&username=Gromeron+[0,0,30320]+->+[N]+GET+http://www.mobilejunkies.net/modules.php?name=Forums&file=posting&mode=newtopic&f=6+[0,35264,45487]+->+[N]+POST+http://www.mobilejunkies.net/modules.php?name=Forums&file=posting+[19919,0,22834]
Get String: www.mobilejunkies.net/modules.php?name=Forums&file=posting
[19919,0,22834]&mode=newtopic&f=6 [0,35264,45487] -> [N] POST
http://www.mobilejunkies.net/modules.php?name=Forums&op=userinfo&username=Gromeron
[0,0,30320] -> [N] GET
http://www.mobilejunkies.net/modules.php?name=Forums
Post String: www.mobilejunkies.net/modules.php
Forwarded For: none
Client IP: none
Remote Address: 70.82.189.135
Remote Port: 2530
Request Method: GET

They always involve teh username=Gromeron

I am just wondering is there anything else I can do with this?, yes sentinel is blocking it but he could get in trying different techniques no?. Sorry I am a bit paranoid now.
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.449 Seconds - 346 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::