You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 61 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Sentinel blocks \'.system(getenv(HTTP_PHP)).\' [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
redoced
Nuke Soldier
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21


PostPosted: Thu Jul 28, 2005 1:52 am Reply with quoteBack to top

Hey guys,For the last week I keep getting email notification regarding blocks from sentinel, they always seem to be a forum topic and have this \'.system(getenv(HTTP_PHP)).\' at the end of the url

Is this an attempted attack? should I be blocking IP's for this?

Thanks for any info on the matter Smile
Find all posts by redocedView user's profileSend private messageVisit poster's website
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Thu Jul 28, 2005 9:14 am Reply with quoteBack to top

It is indeed an attack, mostly using the highlight bug in phpBB
If you are patched to the latest BBToNuke 2.0.17, you should be fine

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
redoced
Nuke Soldier
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21


PostPosted: Fri Jul 29, 2005 2:05 am Reply with quoteBack to top

Thanks for your reply, I'm using bb to nuke 2.1,so am I at risk? I have had probably 10 of these attacks now,but sentinel seems to block them Smile
Find all posts by redocedView user's profileSend private messageVisit poster's website
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Fri Jul 29, 2005 3:33 am Reply with quoteBack to top

BBToNuke 2.1 sounds like a very old version.
Is that the right version?

Check the line
Code:

Powered by phpBB 2.0.XX

That should be one version to look at

I still recommend updating your BBToNuke for security, even with Sentinel

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
redoced
Nuke Soldier
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21


PostPosted: Fri Jul 29, 2005 3:45 am Reply with quoteBack to top

This is what is says on the bottom of the forum

Powered by phpBB 2.0.11 © 2004 phpBB Group
Version 2.1 by Nuke Cops © 2003 http://www.nukecops.

Sorry I would post the site link,but maybe I should get it all updated first Smile
Find all posts by redocedView user's profileSend private messageVisit poster's website
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Fri Jul 29, 2005 6:24 am Reply with quoteBack to top

Right, it is 2.0.11
Newer versions will remove the version number and place it in your admin panel. Thus hackers will have a harder time targetting your forums if they don't know the version

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
redoced
Nuke Soldier
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21


PostPosted: Fri Jul 29, 2005 6:29 am Reply with quoteBack to top

Cool, It will get updated soon thank you for your help Very Happy
Find all posts by redocedView user's profileSend private messageVisit poster's website
kelisia
Nuke Soldier
Nuke Soldier


Joined: Jun 22, 2005
Posts: 15

Location: Dallas Tx.

PostPosted: Fri Jul 29, 2005 1:36 pm Reply with quoteBack to top

Just a quick question, Do forum upgrades need to be done in order?

For instance if you are running 2.0.15 do you need to first upgrade to .16 then .17? Or can you just jump to .17?

*EDIT*

Nevermind.. It's amazing what a little forum searching can do Wink I Found the answer.
Find all posts by kelisiaView user's profileSend private messageVisit poster's website
infidelguy
Nuke Soldier
Nuke Soldier


Joined: Jan 05, 2004
Posts: 18

Location: Atlanta, Georgia

PostPosted: Sat Jul 30, 2005 8:17 am Reply with quoteBack to top

Anyone know how to permanently block this type of url string, I don't even want to see an alert from Sentinel anymore. I'm getting hundreds a day.
Find all posts by infidelguyView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN Messenger
jimmo
Corporal
Corporal


Joined: Feb 14, 2004
Posts: 60

Location: Germany

PostPosted: Fri Aug 05, 2005 3:27 am Reply with quoteBack to top

I have been getting them, too. What I have been thinking is something in the .htaccess that specifically looks for a URL containing "system(getenv(HTTP_PHP))" or whatever and then sends it off to lala-lala land. Maybe a permission denied or a redirect to a specific page or whatever.

_________________
The Linux Knowledge Base and Tutorial project is looking for volunteers: http://www.linux-tutorial.info
Find all posts by jimmoView user's profileSend private messageVisit poster's website
twelves
Lieutenant
Lieutenant


Joined: Jul 13, 2003
Posts: 192


PostPosted: Fri Aug 05, 2005 4:22 am Reply with quoteBack to top

weird, both my pages get it only after turning some blocker setting on.

I thought it was the santi worm?

You can just choose not to get notified upon attack.

I guess it is real because I have over 50 email attack attempts and not one complaint.

Shees... I hope its an attack and not my blocking legal users.

Embarassed

_________________
Image
Find all posts by twelvesView user's profileSend private messageVisit poster's website
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.041 Seconds - 151 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::