Mike, read my edited post above.
Mini Network:: Financial information at your fingertips
Learn object oriented programming where it started
Conversations creates communities and conversions create profit.
I didn't see IrishWonder having probs - he he - I say Earls behind it
bruuha ha ha ha
I just read about this. This guy needs to get a life. I read a post that WordPress blogs above 2.0.4 are immune to the exploit.
Bruce
My bolding.
Originally Posted by kgun
It takes you some minutes to do it and set it back when the attack is over. If it continues from the same IP range, you may make it (more) permanent.
Here is a typical example:
I think the above spammer continues, so instead of writing
deny from 59.93.83.178
deny from 59.92.126.63
deny from 59.94.96.182
deny from 59.93.201.227
I now write
deny from 59.0.0.0/8
for a while to see what happens.
To be more precise:
Here is the new code in .htaccess for ForumNorway:
deny from 59.93.83.178
deny from 59.92.126.63
deny from 59.94.96.182
deny from 59.93.201.227
deny from 59.0.0.0/8
It takes seconds the next time I update it to modify it to
deny from 59.93.83.178
deny from 59.92.126.63
deny from 59.94.96.182
deny from 59.93.201.227
#deny from 59.0.0.0/8
alternatively
#deny from 59.93.83.178
#deny from 59.92.126.63
#deny from 59.94.96.182
#deny from 59.93.201.227
#deny from 59.0.0.0/8
Not that I am a hacker or anything, but if I was going to analyze the security of a web server, I typically would assume that the server uses an IDS (although most don't) which detects suspicious activity from an IP address and automatically blocks traffic from that IP before it even reaches the application layer. If I were doing such an analysis, I would use a program that routes me through a different anon proxy every few minutes. This type of software is free and not very hard to find.
Also, remember that this attacker seems to be basically a script kiddie. He is right now focusing on known exploits to attack these blogs and sites. These attacks are pretty quick, and he would be able to compromise a vulnerable server before the attack was blocked manually. His initial round of attacks scanned for a known flaw and then exploited it when he detected a vulnerable server. It probably took under five minutes per victim. Manual methods typically are not effective in that timeframe.
An IDS is a piece of hardware (or sometimes software) that scans network traffic, looking for suspicious data, and blocking such traffic as soon as it is detected. Unfortunately, this is usually expensive, and not usually available with shared or dedicated hosting.
I am not trying to discourage or scare anyone, I am simply trying to drive home the point that using a quick-fix solution such as IP address blocking is not going to be effective protection against underlying problems in web applications.
If you are a listed target, or a potential target, the most important things are to monitor your log files and watch for any suspicious activity. Make sure any web apps you use have the latest security patches installed. If you have older versions of Apache (pre 2.2.1) and use mod_rewrite, make sure you have installed the vulnerability fix for the issue. Also, make sure you check content, such as blogs, hosted by outside parties on a regular basis. If the external content is hijacked, you can at least try to recover once you see the problem.
If there is any interest, I can post some information about checking the security of your web site and server, and/or about what to do if your site is attacked. I know many of you are already familiar with this, but some may not.
The best way to learn anything, is to question everything.
WigeDev - Freelance web and software development
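An added example, not part of any post in this thread: it ties the advice to monitor log files to the deny lists above by flagging clients with repeated 4xx responses, computing the smallest single CIDR block that covers them, and listing which ordinary visitors that block and the 59.0.0.0/8 block would also shut out. The log lines are constructed, 59.10.20.30 is a made-up ordinary visitor, and the threshold of three errors is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Client address and status code from a Common Log Format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def make_line(ip, path, status):
    # Builds one constructed Common Log Format line for the sample below.
    return f'{ip} - - [01/Jan/2007:00:00:00 +0000] "GET {path} HTTP/1.1" {status} 0'

# Constructed sample: the four addresses from the post each request three
# missing paths; 59.10.20.30 is a made-up ordinary visitor in the same /8.
NOISY = ["59.93.83.178", "59.92.126.63", "59.94.96.182", "59.93.201.227"]
SAMPLE_LOG = [make_line(ip, f"/probe{i}.php", 404) for ip in NOISY for i in range(3)]
SAMPLE_LOG += [make_line("59.10.20.30", "/index.php", 200)] * 5

def suspicious_ips(lines, threshold=3):
    """Return sorted client IPs with at least `threshold` 4xx responses."""
    errors = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2).startswith("4"):
            errors[m.group(1)] += 1
    return sorted(ip for ip, n in errors.items() if n >= threshold)

def covering_network(ips):
    """Smallest single CIDR block that contains every address in `ips`."""
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()  # widen by one bit until all addresses fit
    return net

def collateral(net, lines, flagged):
    """Unflagged client IPs seen in the log that `net` would block as well."""
    seen = {m.group(1) for m in map(LOG_RE.match, lines) if m}
    return sorted(ip for ip in seen - set(flagged) if ipaddress.ip_address(ip) in net)

if __name__ == "__main__":
    flagged = suspicious_ips(SAMPLE_LOG)
    tight = covering_network(flagged)
    wide = ipaddress.ip_network("59.0.0.0/8")
    for net in (tight, wide):
        print(f"deny from {net}  # {net.num_addresses} addresses,"
              f" also blocks {collateral(net, SAMPLE_LOG, flagged)}")
```

The four listed addresses fit inside 59.92.0.0/14 (262,144 addresses), while 59.0.0.0/8 spans 16,777,216.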
Hi, can anyone explain in simple terms what a hacker does and takes from these types of forums?
Stephen, are you asking what "hackers" in general hope to gain from their actions, or more what this attacker is trying to achieve, or something else?
I guess a bit of both. What would they be able to take from this forum and how could they use it?
1. Wige, many good points.
2. I did not experience a hacker, but a forum spammer that signed up legally but posted a spam post on my forum. I have the latest upgrade of the forum software.
3. Hacking is more serious than spamming. I used what has happened on my forum to show one way to stop a hacker / spammer.