Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

advice
 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
Author Message
Maclain
Regular
Regular



Joined: Feb 25, 2006
Posts: 60
Location: England
PostPosted: Sat Mar 04, 2006 5:16 pm Reply with quote
sentinel has caught it's first abuser,

email read as follows

Quote:

Date & Time: 2006-03-04 15:55:17 CST GMT -0600
Blocked IP: 201.50.112.11
User ID: Morpheus101 (1)
Reason: Abuse-Filter
--------------------
User Agent: none
Query String: web.morphies.net/modules.php?name=http://busca.uol.com.br/uol/index.html?&cmd=id&op=last
Get String: web.morphies.net/modules.php?name=http://busca.uol.com.br/uol/index.html?&cmd=id&op=last
Post String: web.morphies.net/modules.php
Forwarded For: none
Client IP: none
Remote Address: 201.50.112.11
Remote Port: 2224
Request Method: GET


I aint sure why or what this is blocked for, can someone explain for me please Smile

TIA

_________________
Insert funky message here: 
View user's profile Send private message Visit poster's website
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Sat Mar 04, 2006 5:19 pm Reply with quote
If I had to guess, I would be concerned with two things in that string:

1) No-where within Nuke (that I know of) does it use a link name=http anything...

2) I don't like the "cmd" variable being used.

I am not up on all the "script kiddie" hacks, but this definitely looks suspicious to me.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Maclain
PostPosted: Sat Mar 04, 2006 5:22 pm Reply with quote
well sentinel blocked it, so yay Smile
 
Maclain
PostPosted: Sat Mar 04, 2006 5:31 pm Reply with quote
it would appear that http://busca.uol.com.br is a search engine in brazil...
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Sat Mar 04, 2006 6:29 pm Reply with quote
Probably a hacker.. brazil is pretty full of them. I suspect they are testing your site for a vulnerablity before trying to do nasty things

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6437
PostPosted: Sat Mar 04, 2006 8:26 pm Reply with quote
This site has been pretty active lately. They've tried almost all my sites. It must be getting boring to be script kiddies these days...

_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Maclain
PostPosted: Sun Mar 05, 2006 8:54 am Reply with quote
lets hope so Smile
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©