Pages: [1] 2 3 4 5
Tags: ABUSE ACTIONS ADMINSITRATORS ALERT APP BAN PLASE TRIPLEGATE WANA
  Author: Topic: Hackers alert !
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Hackers alert !
 Posted on: 09/01/04 at 03:55:08

Hi

A group of hackers from *.id

Are trying to hack into web-app sites please add this address to your ban list 202-127-108-242.triplegate.net.id
Add this one too: 202.127.97.3

Moderators/adminsitrators plase read a message with hacking details at the moderators list.

On

And *.id if you are reading this post, a message for you:

Your actions are fully logged and an email to abuse@ is its on his way with a copy to your mamma lol  wana be a hacker? learn to hack first





"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 05:55:08

Copy of complaint to abuse@  (deleted logs for security reasons)

Sent from an official gov email address, if we get no reply I intend to send a complaint to the domain provider. All expenses (my working hours!) will be billed evil


Dear Sirs,

According to our records as submitted below, there are hackers using your domain trying to access pwd files at our site in which is located on  a Norwegian government's website.

I have also been informed that these hackers have been defacing at least 3 websites recently all which are using a web portal script from www.web-app.net .... external link

Such a conduct is a severe violation of international internet rules, ethics and standards and would not be accepted by your domain provider. It would be greatly appreciated if you could treat this matter as soon as possible.

Your prompt reply would be appreciated.




Log:
Event took place about 2 hours ago 1. Septmeber 2004.

202-127-108-242.triplegate.net.id -----------------------------
202-127-108-242.triplegate.net.id -----------------------------
202-127-108-242.triplegate.net.id -----------------------------


Kind regards







"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline Jane
Last Visit: 09/04/13

Level 3
Dev
Joined: 06/29/06
Forum Posts: 101
 Re: Hackers alert!
 Posted on: 09/01/04 at 05:58:07

On, I am having a "brain" dead moment,  should I be putting the addreses you gave us in the IP Access section of Site Admin,  its just the fact its called IP access rather than Ban list which is throwing me



Jane.

www.rjt.org.uk
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 06:03:43


On, I am having a "brain" dead moment,  should I be putting the addreses you gave us in the IP Access section of Site Admin,  its just the fact its called IP access rather than Ban list which is throwing me


Jane hi,

Yeah it confused me too.

Wrote a sub for domain ban, the ip access will not stop them, they are using a dynamic ip, and allready logged of (while i was trying to scan thier ports on that ip lol )

But can not release the sub before tonite when I get back from work. This sub will let you ban domains like *.id  and *.net.id  

Hopfully anton will read this before I get back and write a solution (he has a similiar hack if I remember right..).


Would suggest to install the patch that Carter released recently too, but please note that this patch only stops them on the topics excuter.. while they are trying these tricks also on other excuters!

On :)






"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline Jane
Last Visit: 09/04/13

Level 3
Dev
Joined: 06/29/06
Forum Posts: 101
 Re: Hackers alert!
 Posted on: 09/01/04 at 07:01:08

Thanks On,

I will keep an eye on the thread.

See what comes.

I don't understand too much about the mechanisms for Hacking and do appreciate all the help you all provide to help keep all our sites safe.



Jane.

www.rjt.org.uk
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 10:52:00







"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:11:58

I always get strange countries visiting my site, but they can't seem to do anything.  When they hang out a tad too long, then i just block the entire IP branch. (My audience isn't international, so i dont care. :) )



What do you mean it's NOT butter?
Logged
     
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:17:00



I always get strange countries visiting my site, but they can't seem to do anything.  When they hang out a tad too long, then i just block the entire IP branch. (My audience isn't international, so i dont care. :) )


If someone without an os is trying to browse your etc/  folder...  I  would care lol


The problem with the present sub ban that it doesnt ban doamis, but one should make a simpel change there adding a $  to the ende of the matching string so it will start matching from the end, there by it would match both a domain ban and a dynamic ban :)





"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:18:51

I don't use webapp's banning device, i use htaccess. I'm an exception.



What do you mean it's NOT butter?
Logged
     
offline Jane
Last Visit: 09/04/13

Level 3
Dev
Joined: 06/29/06
Forum Posts: 101
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:24:55

Thanks On,  I will give it a try.  

Can't use .htaccess as my hosting does not allow it.



Jane.

www.rjt.org.uk
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:26:55



Thanks On,  I will give it a try.  

Can't use .htaccess as my hosting does not allow it.



Please wait!

The messageboard is killing the code!! cry

Will uplaod it on my site.





"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:36:03


I don't use webapp's banning device, i use htaccess. I'm an exception.


DenDen did you see the post I made in the moderators forum?

Posted the entire procedure they used, nothing personal.. but according to that procedure none of us is protected.

Further more thsi hack here will only prevent them from using a script, they can still run these commands manually.







"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:42:05



My audience isn't international, so i dont care. :) )


Are you into the showbiz? wooow!
What? where?

On





"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


[/center]
Logged
       
offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Hackers alert!
 Posted on: 09/01/04 at 11:51:58


I don't use webapp's banning device, i use htaccess. I'm an exception.

DenDen did you see the post I made in the moderators forum?

Posted the entire procedure they used, nothing personal.. but according to that procedure none of us is protected.

Further more thsi hack here will only prevent them from using a script, they can still run these commands manually.




I know it's not personal. LOL
Anyway, this is what you do in htaccess to prevent casural browsing

code:

DirectoryIndex index.html index.shtml index.shtm index.php index.cgi /403.html

<Files .*>
deny from all
</Files>



then, nobody can browse anything :)


Also, my host has a feature on it that permits me to block casual browsing at all levels.



What do you mean it's NOT butter?
Logged
     
offline Jane
Last Visit: 09/04/13

Level 3
Dev
Joined: 06/29/06
Forum Posts: 101
 Re: Hackers alert!
 Posted on: 09/01/04 at 12:26:50

Hi,

I don't know if its working, but I added the code to my subs.pl in user-lib and the site still works.

Any way for someone like me to check if its working?



Jane.

www.rjt.org.uk
Logged
       
offline Chip
Last Visit: 10/31/08

Moderator
Joined: 01/28/03
Forum Posts: 162
 Re: Hackers alert!
 Posted on: 09/01/04 at 13:14:30

Hi On, can this code be added to the subs.pl in my user-lib dir, or does it need to be replaced in the original in the cgi-lib?



My generic signature...
Logged
     

  Hackers alert !
  Security
  Forums
  
Pages: [1] 2 3 4 5
Hop to: