Re: [Phpgedview-talk] attack attempt
From: Tastiger <tas...@sc...> - 2005-12-25 23:24:53
I'm not sure that blocking IPs is going to achieve anything as the IP address will rarely reflect the true IP of the attacker. I haven't blocked any IPs - but applied both the patched files and I haven't had any attempts since.

If you have a look at your Phpgedview logs - you will see that they are attempting to log in, e.g.:

21.12.2005 07:21:22 - 195.2.72.54 - Login Failed ->HiMaster!<-
21.12.2005 07:21:25 - 195.2.72.54 - User registration requested for: SUNTZU6312
21.12.2005 07:21:26 - 195.2.72.54 - Anonymous user added user -> SUNTZU6312 <-
21.12.2005 07:23:29 - 195.2.72.54 - Login Failed ->HiMaster!<-
21.12.2005 07:23:32 - 195.2.72.54 - User registration requested for: SUNTZU3645
21.12.2005 07:23:32 - 195.2.72.54 - Anonymous user added user -> SUNTZU3645 <-
21.12.2005 07:52:58 - 203.221.137.137 - Shane deleted user -> SUNTZU3645 <-
21.12.2005 07:53:07 - 203.221.137.137 - Shane deleted user -> SUNTZU3645 <-
21.12.2005 07:53:10 - 203.221.137.137 - Shane deleted user -> SUNTZU6312 <-
21.12.2005 08:19:53 - 84.204.210.34 - Login Failed ->HiMaster!<-
21.12.2005 08:19:56 - 84.204.210.34 - User registration requested for: SUNTZU1609
21.12.2005 08:19:56 - 84.204.210.34 - Anonymous user added user -> SUNTZU1609 <-
21.12.2005 08:20:43 - 84.204.210.34 - Login Failed ->HiMaster!<-
21.12.2005 08:20:47 - 84.204.210.34 - User registration requested for: SUNTZU4643
21.12.2005 08:20:47 - 84.204.210.34 - Anonymous user added user -> SUNTZU4643 <-
21.12.2005 10:09:13 - 67.19.24.66 - Login Failed ->HiMaster!<-
21.12.2005 10:09:17 - 67.19.24.66 - User registration requested for: SUNTZU5926
21.12.2005 10:09:17 - 67.19.24.66 - Anonymous user added user -> SUNTZU5926 <-
21.12.2005 10:09:32 - 67.19.24.66 - Login Failed ->HiMaster!<-
21.12.2005 10:09:36 - 67.19.24.66 - User registration requested for: SUNTZU9533

If your permission settings are set up properly it shouldn't be an issue.

And as you can see from this excerpt of the log they have used 2 different IPs in a matter of minutes.

At 09:50 26/12/2005, you wrote:
>My server has been getting hit hard.
>
>Many of their attempts seem random, they try for subdirectories to
>applications I don't even have. Such as the following subdirs, mambo,
>drupal, blog, xmlrpc, phpgroupware, awstats etc... mainly they are
>looking for " xmlrpc.php"
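
Added example (not part of the original message and not PhpGedView code): the failed-login-then-registration sequence from the log excerpt in this message, detected and grouped by username stem instead of by source IP, so the same campaign is tied together across addresses. The 30-second window and all function names are assumptions; the sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the excerpt in the message above.
SAMPLE_LOG = """\
21.12.2005 07:21:22 - 195.2.72.54 - Login Failed ->HiMaster!<-
21.12.2005 07:21:25 - 195.2.72.54 - User registration requested for: SUNTZU6312
21.12.2005 07:21:26 - 195.2.72.54 - Anonymous user added user -> SUNTZU6312 <-
21.12.2005 07:52:58 - 203.221.137.137 - Shane deleted user -> SUNTZU3645 <-
21.12.2005 08:19:53 - 84.204.210.34 - Login Failed ->HiMaster!<-
21.12.2005 08:19:56 - 84.204.210.34 - User registration requested for: SUNTZU1609
21.12.2005 08:19:56 - 84.204.210.34 - Anonymous user added user -> SUNTZU1609 <-
21.12.2005 10:09:32 - 67.19.24.66 - Login Failed ->HiMaster!<-
21.12.2005 10:09:36 - 67.19.24.66 - User registration requested for: SUNTZU9533
"""

LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) - (\S+) - (.*)$")
REGISTER_RE = re.compile(r"^User registration requested for: (\S+)")
WINDOW = timedelta(seconds=30)  # assumed threshold, tune for your site

def parse(log_text):
    """Yield (timestamp, ip, message) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S"), m.group(2), m.group(3)

def find_campaigns(log_text, window=WINDOW):
    """Map username stem -> sorted IPs that registered it right after a failed login."""
    last_failure = {}              # ip -> time of most recent failed login
    campaigns = defaultdict(set)   # username stem -> source IPs
    for ts, ip, msg in parse(log_text):
        if msg.startswith("Login Failed"):
            last_failure[ip] = ts
            continue
        reg = REGISTER_RE.match(msg)
        if reg and ip in last_failure and ts - last_failure[ip] <= window:
            stem = reg.group(1).rstrip("0123456789")  # SUNTZU6312 -> SUNTZU
            campaigns[stem].add(ip)
    return {stem: sorted(ips) for stem, ips in campaigns.items()}

def multi_ip_campaigns(log_text):
    """Stems seen from more than one IP: the signal that per-IP blocking misses."""
    return {s: ips for s, ips in find_campaigns(log_text).items() if len(ips) > 1}

if __name__ == "__main__":
    for stem, ips in multi_ip_campaigns(SAMPLE_LOG).items():
        print(f"{stem}*: {len(ips)} source IPs -> {', '.join(ips)}")
```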