e107, Like Donuts on Steroids.
Home Downloads Forums Misc Bugtracker Documentation/Wiki Plugins Themes Hosting Reviews
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
e107 Project Tracker
Changelog Changelog | Stats
Bugtracker Bugtracker
     80 open | 5030 total | Stats
Issue tracking (Jira) Issue tracking (Jira)
Feature Requests Feature Requests
     1372 open | 2139 total
SVN Tree SVN Tree
Released Files Released Files
Download Stats Download Stats
How to get SVN version How to get SVN version

e107 on IRC
freenode.net
For real-time help and friendly chat please join #e107 on the Freenode Network

It's a friendly channel so please drop in and say hello regardless of your e107 or IRC experience

If you're new to IRC please click [here] for an explanantion of what to do.

Web Hosting

e107.org :: Forums :: Miscellaneous :: General Discussion   << Previous thread | Next thread >>
new attacks again??
Moderators: jalist, McFly, bkwon, streaky, C6Dave, SecretR, steved, bugrain, AndyDev, Hansi64, nlstart
This thread is now closed
Author Post
nino
Wed Jun 09 2010, 09:10PM
Registered Member #7652
Joined: Tue Jun 01 2004, 06:40AM
Location:
Posts: 6
 		anybody getting hit on the calendar this time? i have blocked ip's from south american, philipines, and couple in uk?
Back to top
Yakumo
Wed Jun 09 2010, 09:18PM
Registered Member #31165
Joined: Thu Oct 05 2006, 03:48PM
Location:
Posts: 454
 		i dont have the calendar but i dont see anyone trying to get into it on our site.
Like Anime?
Back to top
Website
midwinter
Thu Jun 10 2010, 01:57AM
Registered Member #55872
Joined: Fri May 07 2010, 01:51AM
Location:
Posts: 3
 		I also had quite a few accesses to calender files as well as to the contact.php again. Both coming from bots that seemed to target a certain file structure, that is different in my e107 setup.
Back to top
VR6Pete
Thu Jun 10 2010, 04:13AM
Registered Member #2353
Joined: Mon Jul 28 2003, 01:21PM
Location:
Posts: 582
 		Please post the IP's so I can add some rules to my firewall.
Back to top
Thom01
Tue Jun 22 2010, 06:51PM
Registered Member #57123
Joined: Tue Jun 22 2010, 06:21PM
Location:
Posts: 2
VR6Pete wrote ...

Please post the IP's so I can add some rules to my firewall.

Ah, yes. That's a good idea. Thanks for mentioning.
Sig Spam removed
Back to top
nino
Sat Jun 26 2010, 04:35PM
Registered Member #7652
Joined: Tue Jun 01 2004, 06:40AM
Location:
Posts: 6
 		I have been checking my logs and shows that at bot from RU is checking my sites again, they are targeting two files. contact.php and help_up.php. They have changed the search the last couple of days to just focusing on the contact.php file. they are trying everything to file that file. I have renamed my contact file.
Anybody else have any ideas? I checked several ip addresses and they are mostly from russian, turkey, brazil, and some hosting companies in the us. What gives?
Back to top
nino
Sat Jun 26 2010, 04:38PM
Registered Member #7652
Joined: Tue Jun 01 2004, 06:40AM
Location:
Posts: 6
 		Agent: Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)
Agent: Casper Bot Search

File:
/%20%20/contact.php
/index.php/contact.php
/contact.php
/news.php?item.224.1/contact.php

These are some of the files they are after.
Back to top
C6Dave
Sun Jun 27 2010, 01:29AM
AKA 2dopey

Registered Member #9506
Joined: Sat Jul 31 2004, 02:57AM
Location: North East UK
Posts: 9298
 		Nino, there are several threads with solutions, here is one:


zollk60 wrote ...

Simply use .htaccess to block the bot by User Agent.

Insert the following code into .htaccess
    # ============================================= # BAD BOTS ==================================== SetEnvIfNoCase User-Agent "^Mozilla/4.76 \[ru\] \(X11; U; SunOS 5.7 sun4u\)" bad_bot <Limit GET POST>Order Allow,Deny Allow from all Deny from env=bad_bot </Limit>

It will generate a 403 error for all bots using the User Agent Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)

You can test if .htaccess is blocking the User Agent on this site: click to open link in new window


"The irony of the Information Age is that it has given new respectability to uninformed opinion" - John Lawton 1995
Back to top
Website
Yakumo
Mon Jun 28 2010, 09:23PM
Registered Member #31165
Joined: Thu Oct 05 2006, 03:48PM
Location:
Posts: 454
 		this is what i put in my .htaccess

    SetEnvIfNoCase user-agent "^Mozilla/4.76 \[ru\] \(X11; U; SunOS 5.7 sun4u\)" bad_bot=1 SetEnvIfNoCase user-agent "^Casper\ Bot\ Search" bad_bot=1 <FilesMatch "(.*)"> Order Allow,Deny Allow from all Deny from env=bad_bot </FilesMatch>


so far i think it is stopping all those unwanted bots ^^

[ Edited Mon Jun 28 2010, 09:23PM ]
Like Anime?
Back to top
Website
zollk60
Tue Jun 29 2010, 05:16PM

Registered Member #27052
Joined: Thu Apr 27 2006, 07:11PM
Location: Northern NY
Posts: 66
 		Add this as well, it's a new user agent:
    SetEnvIfNoCase User-Agent "^dex\ Bot\ Search" bad_bot=1

"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Back to top
Gary Rudolph
Wed Jul 07 2010, 03:14AM
Registered Member #57587
Joined: Wed Jul 07 2010, 03:01AM
Location:
Posts: 1
 		Thanks for the posts above. they're indeed helpful.:)
Back to top
C6Dave
Wed Jul 07 2010, 03:16AM
AKA 2dopey

Registered Member #9506
Joined: Sat Jul 31 2004, 02:57AM
Location: North East UK
Posts: 9298
 		READ THIS THREAD: click to open link in new window
"The irony of the Information Age is that it has given new respectability to uninformed opinion" - John Lawton 1995
Back to top
Website

Jump:     Back to top
Syndicate this thread: rss 0.92 Syndicate this thread: rss 2.0 Syndicate this thread: RDF
Powered by e107 Forum System


All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL licence.
Bug Tracking Software
Render time: 0.2347 sec, 0.1053 of that for queries. Memory Usage: 3,700kB