Topic: Hackers alert!
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Hi

A group of hackers from *.id are trying to hack into web-app sites. Please add this address to your ban list:

202-127-108-242.triplegate.net.id

Add this one too: 202.127.97.3

Moderators/administrators, please read a message with hacking details at the moderators list.

On

And *.id, if you are reading this post, a message for you: your actions are fully logged and an email to abuse@ is on its way with a copy to your mamma

(Damian Conway from the book Perl Best Practices).
[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org...
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org...
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net...
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org...
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org...

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Copy of complaint to abuse@ (deleted logs for security reasons)

Sent from an official gov email address. If we get no reply I intend to send a complaint to the domain provider. All expenses (my working hours!) will be billed.

Dear Sirs,

According to our records as submitted below, there are hackers using your domain trying to access pwd files at our site, which is located on a Norwegian government's website. I have also been informed that these hackers have been defacing at least 3 websites recently, all of which are using a web portal script from www.web-app.net ....

Such conduct is a severe violation of international internet rules, ethics and standards and would not be accepted by your domain provider. It would be greatly appreciated if you could treat this matter as soon as possible. Your prompt reply would be appreciated.

Log: Event took place about 2 hours ago, 1. September 2004.

202-127-108-242.triplegate.net.id -----------------------------
202-127-108-242.triplegate.net.id -----------------------------
202-127-108-242.triplegate.net.id -----------------------------

Kind regards

Logged
Last Visit: 09/04/13 | Level 3 Dev | Joined: 06/29/06 | Forum Posts: 101

On, I am having a "brain" dead moment. Should I be putting the addresses you gave us in the IP Access section of Site Admin? It's just the fact it's called IP access rather than Ban list which is throwing me.

Jane. www.rjt.org.uk

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Jane hi,

Yeah, it confused me too. Wrote a sub for domain ban. The ip access will not stop them, they are using a dynamic ip, and already logged off (while I was trying to scan their ports on that ip). But can not release the sub before tonight when I get back from work. This sub will let you ban domains like *.id and *.net.id

Hopefully anton will read this before I get back and write a solution (he has a similar hack if I remember right..).

Would suggest to install the patch that Carter released recently too, but please note that this patch only stops them on the topics executor.. while they are trying these tricks also on other executors!

On :)

Logged
Last Visit: 09/04/13 | Level 3 Dev | Joined: 06/29/06 | Forum Posts: 101

Thanks On,

I will keep an eye on the thread. See what comes. I don't understand too much about the mechanisms for Hacking and do appreciate all the help you all provide to help keep all our sites safe.

Jane. www.rjt.org.uk

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Logged
Last Visit: 02/05/05 | Level 7 | Joined: 05/26/02 | Forum Posts: 2244

I always get strange countries visiting my site, but they can't seem to do anything. When they hang out a tad too long, then I just block the entire IP branch. (My audience isn't international, so I don't care. :) )

What do you mean it's NOT butter?

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

If someone without an os is trying to browse your etc/ folder... I would care.

The problem with the present sub ban is that it doesn't ban domains, but one should make a simple change there, adding a $ to the end of the matching string so it will start matching from the end, thereby it would match both a domain ban and a dynamic ban :)

Logged
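An added example, not On's sub and not Web-APP's own code: the end-anchoring idea from the post above as a small Perl suffix matcher, next to an unanchored match for contrast. The sub names, the ban list layout and the sample clients are constructed for illustration (only 202.127.97.3 and the *.id / *.net.id patterns come from the thread), and `\z` is used instead of `$` because `$` also matches before a trailing newline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed ban list: a leading dot means "this domain and everything under it".
my @banned_suffixes = ('.id', '.net.id');
my @banned_ips      = ('202.127.97.3');    # address named in the thread

# Hypothetical helper: true if the client should be refused.
# $host is the client's reverse-DNS name, $ip its address.
sub is_banned_host {
    my ($host, $ip) = @_;
    $host = lc($host // '');
    $host =~ s/\.\z//;                      # drop a trailing root dot
    return 1 if grep { $_ eq $ip } @banned_ips;
    for my $suffix (@banned_suffixes) {
        my $q = quotemeta lc $suffix;       # '.' must match a literal dot only
        # Anchored at the end: matches "x.net.id" but not "x.id.example.com".
        return 1 if $host =~ /$q\z/;
    }
    return 0;
}

# Unanchored variant, for contrast: matches the suffix anywhere in the name.
sub is_banned_unanchored {
    my ($host) = @_;
    return (grep { my $q = quotemeta; $host =~ /$q/ } @banned_suffixes) ? 1 : 0;
}

# Constructed sample clients: [reverse-DNS name, address].
my @samples = (
    ['dialup-17.example.net.id', '198.51.100.7'],  # dynamic host under a banned domain
    ['mail.id.example.com',      '192.0.2.10'],    # ".id" only in the middle of the name
    ['www.example.org',          '202.127.97.3'],  # banned by address
    ['www.example.org',          '192.0.2.11'],    # allowed
);
for my $s (@samples) {
    my ($host, $ip) = @$s;
    printf "%-26s %-14s anchored=%d unanchored=%d\n",
        $host, $ip, is_banned_host($host, $ip), is_banned_unanchored($host);
}
```

Hostname bans depend on the PTR record, which is set by whoever controls the address block, so a match is only as trustworthy as that record unless the name also resolves back to the same address.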
Last Visit: 02/05/05 | Level 7 | Joined: 05/26/02 | Forum Posts: 2244

I don't use webapp's banning device, I use htaccess. I'm an exception.

Logged
Last Visit: 09/04/13 | Level 3 Dev | Joined: 06/29/06 | Forum Posts: 101

Thanks On, I will give it a try.

Can't use .htaccess as my hosting does not allow it.

Jane. www.rjt.org.uk

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Please wait! The messageboard is killing the code!! Will upload it on my site.

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

DenDen, did you see the post I made in the moderators forum? Posted the entire procedure they used, nothing personal.. but according to that procedure none of us is protected. Furthermore, this hack here will only prevent them from using a script, they can still run these commands manually.

Logged
Last Visit: 05/20/06 | Level 7 Dev | Joined: 06/19/03 | Forum Posts: 6737

Are you into the showbiz? wooow! What? where?

On

Logged
Last Visit: 02/05/05 | Level 7 | Joined: 05/26/02 | Forum Posts: 2244

I know it's not personal. LOL

Anyway, this is what you do in htaccess to prevent casual browsing

code:

then, nobody can browse anything :) Also, my host has a feature on it that permits me to block casual browsing at all levels.

Logged
Last Visit: 09/04/13 | Level 3 Dev | Joined: 06/29/06 | Forum Posts: 101

Hi,

I don't know if it's working, but I added the code to my subs.pl in user-lib and the site still works. Any way for someone like me to check if it's working?

Jane. www.rjt.org.uk

Logged
Last Visit: 10/31/08 | Moderator | Joined: 01/28/03 | Forum Posts: 162

Hi On, can this code be added to the subs.pl in my user-lib dir, or does it need to be replaced in the original in the cgi-lib?

My generic signature...

Logged