You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 280 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Anything else I could do about this? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Anything else I could do about this?
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
khizerk
Nuke Soldier
Nuke Soldier


Joined: Jan 02, 2007
Posts: 26
PostPosted: Sun May 27, 2007 6:29 am Reply with quoteBack to top
My site got hacked by some turkish hacking clan recently. After that I patched nuke (7.Cool and installed sentinel. I still get a few hacking attempts each week, but this one particular hacking attempt is coming almost everyday. Initially I didnt even think it was a hacking attempt, thought maybe it was some query caught up in sentinel but last night, this attempt was made from 10 different ips in succession. Here are the details:
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Query String:
www.mobilejunkies.net/modules.php?name=Forums&file=posting&mode=newtopic&f=6+[PLM=0][R]+GET+ target=_blank href="http://www.mobilejunkies.net/modules.php?name=Your_Account&op=new_user+[0,16550,634]+-">http://www.mobilejunkies.net/modules.php?name=Your_Account&op=new_user+[0,16550,634]+->+[R]+POST+http://www.mobilejunkies.net/modules.php?name=Your_Account+[0,11961,20331]+->+[L]+POST+http://www.mobilejunkies.net/modules.php?name=Your_Account+[0,0,18666]+->+[L]+GET+http://www.mobilejunkies.net/modules.php?name=Your_Account+[R=302][0,0,184]+->+[L]+GET+http://www.mobilejunkies.net/modules.php?name=Your_Account&op=userinfo&username=Gromeron+[0,0,30320]+->+[N]+GET+http://www.mobilejunkies.net/modules.php?name=Forums&file=posting&mode=newtopic&f=6+[0,35264,45487]+->+[N]+POST+http://www.mobilejunkies.net/modules.php?name=Forums&file=posting+[19919,0,22834]
Get String: www.mobilejunkies.net/modules.php?name=Forums&file=posting
[19919,0,22834]&mode=newtopic&f=6 [0,35264,45487] -> [N] POST
http://www.mobilejunkies.net/modules.php?name=Forums&op=userinfo&username=Gromeron
[0,0,30320] -> [N] GET
http://www.mobilejunkies.net/modules.php?name=Forums
Post String: www.mobilejunkies.net/modules.php
Forwarded For: none
Client IP: none
Remote Address: 70.82.189.135
Remote Port: 2530
Request Method: GET

They always involve teh username=Gromeron

I am just wondering is there anything else I can do with this?, yes sentinel is blocking it but he could get in trying different techniques no?. Sorry I am a bit paranoid now.
Find all posts by khizerkView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482
PostPosted: Sun May 27, 2007 5:19 pm Reply with quoteBack to top
Never seen exactly this type, probably a forums spammer. It is just a very weird query string

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
khizerk
Nuke Soldier
Nuke Soldier


Joined: Jan 02, 2007
Posts: 26
PostPosted: Sun May 27, 2007 10:57 pm Reply with quoteBack to top
yup looks like a flood/spam attempt to me to. He tried in a quick succession (around 2-4 seconds between each attempt), each from a different ip.
Find all posts by khizerkView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482
PostPosted: Mon May 28, 2007 2:55 pm Reply with quoteBack to top
I'll keep an eye out, but not sure there's anything you can do

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.156 Seconds - 388 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::