1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Forums wiped out!

Discussion in 'General Chat' started by anthonycea, Dec 23, 2004.

  1. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #161
    Did you join yet Minstrel? Looks like they could help shed light on a lot of things in the "day of the worm" & "traffic bot" ;)
     
    anthonycea, Jan 29, 2005 IP
  2. joeychgo

    joeychgo Notable Member

    Messages:
    3,368
    Likes Received:
    321
    Best Answers:
    0
    Trophy Points:
    255
    #162

    Thats their attraction. They can bother a bunch of people at once
     
    joeychgo, Jan 29, 2005 IP
  3. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #163
    So Joey, what are you doing to insure that your forum does not get attacked by worms/traffic bots?

    Just yesterday a forum I belong to was attacked and taken down :eek:
     
    anthonycea, Jan 29, 2005 IP
  4. dakar

    dakar Active Member

    Messages:
    203
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    83
    #164
    Besides the obvious patching the forums, and PHP, here is a portion of my .htaccess, a little mod rewrite that takes care of the worms and script kiddies...

    
    RewriteEngine On 
    # prevent access from santy webworm a-e 
    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR] 
    RewriteCond %{QUERY_STRING} ^(.*)rush=\%65\%63\%68 [OR] 
    RewriteCond %{QUERY_STRING} ^(.*)rush=echo [OR] 
    RewriteCond %{QUERY_STRING} ^(.*)wget\%20 
    RewriteRule ^.*$ [url]http://127.0.0.1/[/url] [R,L] 
    
    # prevent pre php 4.3.10 bug 
    RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b 
    RewriteRule ^.*$ [url]http://127.0.0.1/[/url] [R,L] 
    
    # prevent perl user agent (most often used by santy) 
    RewriteCond %{HTTP_USER_AGENT} ^lwp.* [NC] 
    RewriteRule ^.*$ [url]http://127.0.0.1/[/url] [R,L]
    
    Code (markup):
     
    dakar, Jan 29, 2005 IP
  5. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #165
    Funny Dakar, forums still are being attacked and owners still don't understand what to do, thanks for the post. ;)
     
    anthonycea, Jan 29, 2005 IP
  6. dakar

    dakar Active Member

    Messages:
    203
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    83
    #166
    Kinda figured that, it's been posted all over phpbb's website for a month or so now, a few refinements here and there, but figured it was worth reposting, if one person reads and implements it then it wasn't a total waste of electrons :) None the less it's been working very well for me...
     
    dakar, Jan 29, 2005 IP
  7. illegalteamsux

    illegalteamsux Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #167
    The malicious code for this hack is inserted into the phpbb_forums table in the forum_desc field. It seems to go for the first row in the table...
     
    illegalteamsux, Mar 23, 2005 IP
  8. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #168
    A major haven for groups like this is theplanet.com -- they were implicated in the illegalteam attacks and, perhaps not surprisingly, were a major source of attacks from Santy.

    theplanet.com just does not care who is on their servers or what they do or how many of their customers are infected or actively initiating attacks.

    See Blacklist theplanet.com -- if people like this won't clean up their own houses, they should be shut down.
     
    minstrel, Mar 23, 2005 IP
  9. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #169
    Has the FCC and the FBI been made aware of this company by official complaint Minstrel :confused:
     
    anthonycea, Mar 23, 2005 IP
  10. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #170
    Actually, yes... however, nothing happened as far as I can see (at least not yet -- the wheels of justice grind slow...).
     
    minstrel, Mar 23, 2005 IP
  11. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #171
    anthonycea, Mar 23, 2005 IP
  12. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #172
    Wow... it really IS handy having live links back in your posts :D

    Thanks, AC, but in this case the complaints were made about both the hackers AND the ISP which was aiding and abetting them. As you have argued elsewhere, I think the key to stopping a lot of this crap is to put pressure on hosts to clean up their own servers... that at least will cut down on some of the volume.
     
    minstrel, Mar 23, 2005 IP