Announcement

Collapse
No announcement yet.

Is this a hack attempt?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • michaelw
    replied
    cheers for that i tryed a fair few and didnt't found out anything.
    Last edited by michaelw; Thu 17 Apr '03, 5:30pm.

    Leave a comment:


  • Scott MacVicar
    replied
    did you try going to http://www.geektools.com/cgi-bin/proxy.cgi and entering the IP there as it will tell you the IP range owner.

    A indexing by a search engine can take many hours. I've seen google on my forums for over 3 hours

    Leave a comment:


  • michaelw
    replied
    Cheers for the quick reply . Had no luck finding a contact for the ip address so going to ban the ip address from my whole website now to be on the safe side as its started all over again now and I'm sure a spider or bot for a search engine wouldn't do it for as long as this.

    Leave a comment:


  • Scott MacVicar
    replied
    well if they are website names or mail.blah.com they are unsecured proxies definately and they are probably trying to attack your forums, it may have been the spam bot.

    Most legitemate proxies or cacheing systems will have the words proxy, cache or sometimes the server software in the url such as NTL who use inktomi caching servers.

    If you have the time to do so try contacting the IP's they are accessing through and inform them that they may have a proxy, most sysops will appreciate these security holes being pointed out.

    Leave a comment:


  • michaelw
    replied
    Lo all
    I'm getting a similar thing. e.g
    Guest Searching Forums 11:29 PM 63.148.99.232
    Guest Sending Email to another forum user 11:20 PM 63.148.99.232
    and so on.
    about 4 guests all with that same ip above. tryed resolving the ip but no luck.
    Thought it was a search engine at first but it was also in
    Guest Unknown Location: /moderator.php?action=useroptions&userid=7&
    which is kinda freaking me out. Any ideas ?

    Leave a comment:


  • ManagerJosh
    replied
    Aren't those the same domains used by that porn spammer?

    Leave a comment:


  • Joe Gronlund
    replied
    sounds like someones using a anon mail proxy

    eg: mail.theweb.co.uk

    Leave a comment:


  • tamarian
    replied
    Maybe someone posted a link to a thread on your forum, and visitors to their site are just checking out that thread.....

    Leave a comment:


  • N9ne
    replied
    Steve, he probably means the address IP addresses resolve to.

    They're more than likely search engine bots.

    Leave a comment:


  • Beorn
    replied
    Originally posted by Cancorp
    **UPDATE** Now I know that he can get around the forum being closed because to get rid of the 19 guests, I set the cookie timeout to 1 second. That cleared out all the guests. I then went back and set the cookie to 900 and BAM, 18 users, all with the same IP range, right back in the list.....
    Who's Online only shows sessions active within the cookie timeout. The sessions still exist in the table, they're just not shown. That's why they happened to be still in Who's Online....

    Mike

    Leave a comment:


  • Steve Machol
    replied
    Not sure what you mean by 'using' addresses. It would help to see exactly what you are talking about.

    Leave a comment:


  • Cancorp
    replied
    Steve,

    Would a search engine use www addresses and mail addresses of businesses? The URL's that show up are all from established websites, primarily in Canada but some in the US.

    I also show a few gc.ca extensions which are Canadian Government.

    Also, how can they get back in once they have been kicked and the board is closed?

    Leave a comment:


  • Steve Machol
    replied
    It's more likely to be a search engine trying to spider your site.

    Leave a comment:


  • CeleronXT
    replied
    They can still visit that specific thread, but they get that error message anyway. (That's why they still keep comming in)

    Anyway, ban that IP range?

    Leave a comment:


  • Cancorp
    replied
    NOw I know this is a hack.

    The who's online just went from 3 to 19, and all the new arrivals are all in the same thread and have the same IP range.

    I closed the board as recomended, but whoever this is seems to still be getting in??

    2 new users have popped into the who's online since I shut the forum (yes, I logged out as admin, tried to get back in and it says "forum closed, please come back later")

    Thoughts? Ideas?

    **UPDATE** Now I know that he can get around the forum being closed because to get rid of the 19 guests, I set the cookie timeout to 1 second. That cleared out all the guests. I then went back and set the cookie to 900 and BAM, 18 users, all with the same IP range, right back in the list.....
    Last edited by Cancorp; Wed 16 Apr '03, 11:44am.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X