Re: [Phpgedview-talk] attack attempt
From: S.C. G. <alp...@gm...> - 2005-12-25 23:33:06
Yes, but bandwidth and anonymity are important... If they continue to hack me, my ISP will know I am running a server. I tossed up PF firewall and snort, plus blocked them at my Linksys router... nevertheless. What kind of loser tries to deface a family tree? Where is the gain? How are they making money at this? They are not American, so they do not have the mindless destroyer excuse. ... it's puzzling.

Nevertheless, they are attacking everyone on the phpgedview list. The list should be revised. It needs to have contact info, not URL info.

On 12/25/05, Tastiger <tas...@sc...> wrote:
>
> I'm not sure that blocking IPs is going to achieve anything as the IP
> address will rarely reflect the true IP of the attacker.
>
> I haven't blocked any IPs - but applied both the patched files and I
> haven't had any attempts since.
>
> If you have a look at your Phpgedview logs - you will see that they
> are attempting to login
>
> EG:
>
> 21.12.2005 07:21:22 - 195.2.72.54 - Login Failed ->HiMaster!<-
> 21.12.2005 07:21:25 - 195.2.72.54 - User registration requested for: SUNTZU6312
> 21.12.2005 07:21:26 - 195.2.72.54 - Anonymous user added user -> SUNTZU6312 <-
> 21.12.2005 07:23:29 - 195.2.72.54 - Login Failed ->HiMaster!<-
> 21.12.2005 07:23:32 - 195.2.72.54 - User registration requested for: SUNTZU3645
> 21.12.2005 07:23:32 - 195.2.72.54 - Anonymous user added user -> SUNTZU3645 <-
> 21.12.2005 07:52:58 - 203.221.137.137 - Shane deleted user -> SUNTZU3645 <-
> 21.12.2005 07:53:07 - 203.221.137.137 - Shane deleted user -> SUNTZU3645 <-
> 21.12.2005 07:53:10 - 203.221.137.137 - Shane deleted user -> SUNTZU6312 <-
> 21.12.2005 08:19:53 - 84.204.210.34 - Login Failed ->HiMaster!<-
> 21.12.2005 08:19:56 - 84.204.210.34 - User registration requested for: SUNTZU1609
> 21.12.2005 08:19:56 - 84.204.210.34 - Anonymous user added user -> SUNTZU1609 <-
> 21.12.2005 08:20:43 - 84.204.210.34 - Login Failed ->HiMaster!<-
> 21.12.2005 08:20:47 - 84.204.210.34 - User registration requested for: SUNTZU4643
> 21.12.2005 08:20:47 - 84.204.210.34 - Anonymous user added user -> SUNTZU4643 <-
> 21.12.2005 10:09:13 - 67.19.24.66 - Login Failed ->HiMaster!<-
> 21.12.2005 10:09:17 - 67.19.24.66 - User registration requested for: SUNTZU5926
> 21.12.2005 10:09:17 - 67.19.24.66 - Anonymous user added user -> SUNTZU5926 <-
> 21.12.2005 10:09:32 - 67.19.24.66 - Login Failed ->HiMaster!<-
> 21.12.2005 10:09:36 - 67.19.24.66 - User registration requested for: SUNTZU9533
>
> If your permission settings are set up properly it shouldn't be an issue
>
> And as you can see from this excerpt of the log they have used 2
> different IPs in a matter of minutes
>
> At 09:50 26/12/2005, you wrote:
> >My server has been getting hit hard.
> >
> >Much of their attempts seem random, they try for subdirectories to
> >applications I don't even have. Such as the following subdirs, mambo,
> >drupal, blog, xmlrpc, phpgroupware, awstats etc... mainly they are
> >looking for "xmlrpc.php"

--
---S.C. Gehl, 'Beauty to Burn'
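
The sequence visible in the quoted log (a failed login followed seconds later by a registration request from the same address) can be matched on behaviour rather than on source IP. The following is an added example, not part of the original thread or of PhpGedView; the function names and the 10-second window are assumptions, and the sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt quoted in the message above.
SAMPLE_LOG = """\
21.12.2005 07:21:22 - 195.2.72.54 - Login Failed ->HiMaster!<-
21.12.2005 07:21:25 - 195.2.72.54 - User registration requested for: SUNTZU6312
21.12.2005 07:21:26 - 195.2.72.54 - Anonymous user added user -> SUNTZU6312 <-
21.12.2005 08:19:53 - 84.204.210.34 - Login Failed ->HiMaster!<-
21.12.2005 08:19:56 - 84.204.210.34 - User registration requested for: SUNTZU1609
21.12.2005 10:09:13 - 67.19.24.66 - Login Failed ->HiMaster!<-
21.12.2005 10:09:17 - 67.19.24.66 - User registration requested for: SUNTZU5926
"""

LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) - (\S+) - (.*)$")
FAILED_RE = re.compile(r"^Login Failed ->(.*)<-$")
REGISTER_RE = re.compile(r"^User registration requested for:\s*(\S+)$")

def parse(log_text):
    """Yield (timestamp, ip, message) for each well-formed line; skip the rest."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            yield ts, m.group(2), m.group(3).strip()

def find_probe_sequences(log_text, window_seconds=10):
    """Return (ip, login, new_user, gap_s) for each failed login that the
    same IP follows with a registration request inside the window."""
    last_failure = {}  # ip -> (timestamp, attempted login name)
    findings = []
    for ts, ip, msg in parse(log_text):
        failed = FAILED_RE.match(msg)
        if failed:
            last_failure[ip] = (ts, failed.group(1))
            continue
        reg = REGISTER_RE.match(msg)
        if reg and ip in last_failure:
            fail_ts, login = last_failure.pop(ip)
            gap = int((ts - fail_ts).total_seconds())
            if gap <= window_seconds:
                findings.append((ip, login, reg.group(1), gap))
    return findings

def campaigns(findings):
    """Group source IPs by attempted login name, so a rotating IP still
    shows up as one campaign."""
    grouped = {}
    for ip, login, _new_user, _gap in findings:
        grouped.setdefault(login, set()).add(ip)
    return {login: sorted(ips) for login, ips in grouped.items()}
```

Grouping by the attempted login name rather than by address is what ties the three sources together, which is the point Tastiger makes about IP blocking.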