Announcement

Collapse
No announcement yet.

Am I Gettin' Hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Am I Gettin' Hacked?

    I installed the 'guest tracker' mod on my forum, and when I checked guest activity tonight, I found this:

    Click image for larger version

Name:	orillia_hacker_110117.jpg
Views:	1
Size:	92.0 KB
ID:	3719779

    The visible link points to:
    http://www.chaoshang.net/rc/dmc.txt?

    but the actual http code links to:
    http://orillianetworks.ca/forum/misc...et/rc/dmc.txt?

    which is a smiley FAQ page within my site, apparently (never saw that page before).

    The IP address is purportedly in Brazil - unless, of course, it's proxied.

    Can any of you advanced users tell me what the script is trying to do? I have safe backups and my site isn't so busy that anything really awful is gonna happen, but I am curious about what the vulnerability factor is here. Any input would be welcome; I like learning things.

  • #2
    It could be just a bot scanning your site for things, whether or not it's malcious or not, that's kind of hard to tell.

    In this case, it may be trying to find something but no idea what.

    Have you updated your spiders file with the latest version? If you are going to use this mod, it would be a very good idea to keep your spiders file up-to-date.

    http://www.wolfshead-solutions.com/spiders-list

    Replace the default spiders-vbulletin.xml file in the includes/xml directory with this one from the link above.

    Here's some info on those IP's:

    http://www.projecthoneypot.org/ip_189.70.60.247
    http://www.projecthoneypot.org/ip_189.70.125.28

    Possibly email harvesters for spamming...
    To be updated...

    Comment


    • #3
      Hmmm, a multitude of ip addresses showing up now with more and more instances of this script.

      No, I haven't updated the spiders, I should do that; thanks for the file!

      Comment


      • #4
        Originally posted by orillia View Post
        Hmmm, a multitude of ip addresses showing up now with more and more instances of this script.

        No, I haven't updated the spiders, I should do that.
        Yes, it will show you which IP addresses are registered to various known spiders. It's immensely helpful to weed out who's a real spider and who's not. Granted, IP addresses change from time to time, but generally this is a great tool to help use the visitors mod.

        The mod will break the list down by known spiders and actual guests or unregistered spiders. It won't be retroactive after you change it, so give it a little while to collect the incoming data from new visits.
        To be updated...

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X