| Author | Message |
djtom-i
Nuke Cadet


Joined: Feb 08, 2004
Posts: 4
|
Posted:
Sat Jun 26, 2004 6:10 am |
MrFluffy
Captain


Joined: Aug 06, 2003
Posts: 411
Location: Berlin
|
Posted:
Sat Jun 26, 2004 8:58 am |
  |
Long time no see. The world is small...
That's a remote attack trying to insert an admin (the IP leads to an external script, at least that's what Raven's forums say).
(aconrads) |
_________________ cu, MrFluffy
conrads-berlin.de
nuke-platinum.de |
Xeon
Sergeant


Joined: Aug 28, 2003
Posts: 144
Location: USA
|
Posted:
Sat Jun 26, 2004 1:32 pm |
  |
I'd also like to point out that this is another case of the RIPE ISP IP being used.
I ban this whole range because of the crap that comes from this source of IPs. *Shakes his head* |
_________________ Xeon
http://www.credit-repair-combat.com/ |
djtom-i
Nuke Cadet


Joined: Feb 08, 2004
Posts: 4
|
Posted:
Sun Jun 27, 2004 5:22 am |
  |
thx guys!
the world is a kugel!!! (kugel = German for ball!)
nice day! |
RHG-ShosMeister
Nuke Cadet


Joined: Jun 27, 2004
Posts: 1
|
Posted:
Sun Jun 27, 2004 7:06 am |
  |
Okay. So what did you have installed that blocked it? We got hit last night. Not too big of a deal as I had a backup from yesterday and it looked like all that was changed was the index.php so I replaced it.
I also found a file in our my_uploads module for a user that wasn't registered .big.red^^
The directory is there but, even through cPanel, I can't change the permissions of the file. I was able to rename the directory so that should prevent access to it until I can delete it but ......
The file that was uploaded was lahmacun3.php. Ever heard of it? I did a Google search and it's a Turkish pizza (lahmacun at least). |
bretonmage
Captain


Joined: Feb 21, 2004
Posts: 421
|
Posted:
Sun Jun 27, 2004 7:59 am |
  |
Sentinel or Protector will block it. |
ShosMeister
Nuke Cadet


Joined: Apr 07, 2004
Posts: 3
|
Posted:
Sun Jun 27, 2004 11:08 am |
  |
I'm guessing they are here - I'll take a look. Any recommendation as to which is better?
Question though. Looking through the logs, I can see where they inserted a GOD user. As I am admining remotely, is there a way that I can find and delete this user? |
MrFluffy
Captain


Joined: Aug 06, 2003
Posts: 411
Location: Berlin
|
Posted:
Sun Jun 27, 2004 11:12 am |
 |
ShosMeister
Nuke Cadet


Joined: Apr 07, 2004
Posts: 3
|
Posted:
Sun Jun 27, 2004 11:35 am |
  |
Actually, I found the entry in our log file where he created it and found the password so I changed it from GOD and changed the password.
Don't want to delete anything just yet, although I'm sure he can get back in until I get it patched.
Thanks!! |
Xeon
Sergeant


Joined: Aug 28, 2003
Posts: 144
Location: USA
|
Posted:
Sun Jun 27, 2004 3:57 pm |
  |
I use Fortress and Protector and it seems to be doing a great job, so if you haven't looked at these two security items I would give them a try. |
_________________ Xeon
http://www.credit-repair-combat.com/ |
ShosMeister
Nuke Cadet


Joined: Apr 07, 2004
Posts: 3
|
Posted:
Sun Jun 27, 2004 4:07 pm |
  |
I found Fortress here but couldn't find Protector. Is it not on this site? |
BrainSmashR
Support Mod


Joined: Jan 05, 2004
Posts: 1390
Location: Louisiana, USA
|
Posted:
Sun Jun 27, 2004 4:41 pm |
  |
Xeon
Sergeant


Joined: Aug 28, 2003
Posts: 144
Location: USA
|
Posted:
Sun Jun 27, 2004 4:47 pm |
  |