redoced
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21
Posted: Thu Jul 28, 2005 1:52 am

Hey guys, for the last week I keep getting email notifications regarding blocks from Sentinel; they always seem to be a forum topic and have this \'.system(getenv(HTTP_PHP)).\' at the end of the URL.
Is this an attempted attack? Should I be blocking IPs for this?
Thanks for any info on the matter.

Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12482
Posted: Thu Jul 28, 2005 9:14 am

redoced
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21
Posted: Fri Jul 29, 2005 2:05 am

Thanks for your reply. I'm using BBToNuke 2.1, so am I at risk? I have had probably 10 of these attacks now, but Sentinel seems to block them.

Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12482
Posted: Fri Jul 29, 2005 3:33 am

BBToNuke 2.1 sounds like a very old version.
Is that the right version?
Check the line
Code:
Powered by phpBB 2.0.XX
That should be one version to look at.
I still recommend updating your BBToNuke for security, even with Sentinel.
_________________ Helping those that help themselves
Read FIRST or DIE!
"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding

redoced
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21
Posted: Fri Jul 29, 2005 3:45 am

This is what it says on the bottom of the forum:
Powered by phpBB 2.0.11 © 2004 phpBB Group
Version 2.1 by Nuke Cops © 2003 http://www.nukecops.
Sorry, I would post the site link, but maybe I should get it all updated first.

Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12482
Posted: Fri Jul 29, 2005 6:24 am

Right, it is 2.0.11.
Newer versions will remove the version number and place it in your admin panel. Thus hackers will have a harder time targeting your forums if they don't know the version.

redoced
Nuke Soldier


Joined: Jul 28, 2005
Posts: 21
Posted: Fri Jul 29, 2005 6:29 am

Cool, it will get updated soon. Thank you for your help.

kelisia
Nuke Soldier


Joined: Jun 22, 2005
Posts: 15
Location: Dallas Tx.
Posted: Fri Jul 29, 2005 1:36 pm

Just a quick question: do forum upgrades need to be done in order?
For instance, if you are running 2.0.15, do you need to first upgrade to .16 then .17? Or can you just jump to .17?
*EDIT*
Never mind. It's amazing what a little forum searching can do. I found the answer.

infidelguy
Nuke Soldier


Joined: Jan 05, 2004
Posts: 18
Location: Atlanta, Georgia
Posted: Sat Jul 30, 2005 8:17 am

Anyone know how to permanently block this type of URL string? I don't even want to see an alert from Sentinel anymore. I'm getting hundreds a day.

jimmo
Corporal


Joined: Feb 14, 2004
Posts: 60
Location: Germany
Posted: Fri Aug 05, 2005 3:27 am

I have been getting them, too. What I have been thinking is something in the .htaccess that specifically looks for a URL containing "system(getenv(HTTP_PHP))" or whatever and then sends it off to lala-lala land. Maybe a permission denied or a redirect to a specific page or whatever.
_________________ The Linux Knowledge Base and Tutorial project is looking for volunteers: http://www.linux-tutorial.info
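
A string match of the kind discussed above is only reliable after percent-decoding, because the same text can reach the server encoded once or more than once. The following is an added example, not code from any poster or from Sentinel: a Python scan of access-log lines that decodes each request target until it stops changing and then looks for the marker quoted in this thread. The log lines, IP addresses, topic ids and the parameter name `p` are constructed.

```python
import re
from urllib.parse import unquote

# Marker from the URLs quoted in this thread; spacing and case may vary.
MARKER = re.compile(r"system\s*\(\s*getenv\s*\(", re.IGNORECASE)
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 5  # assumption: cap on nested percent-encoding layers to unwrap


def fully_decode(target):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds


def scan(lines):
    """Return (client_ip, decode_rounds, decoded_target) per matching request."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        decoded, rounds = fully_decode(match.group(1))
        if MARKER.search(decoded):
            hits.append((line.split()[0], rounds, decoded))
    return hits


# Constructed sample log (documentation IPs, made-up topic ids and parameter "p").
SAMPLE = """
192.0.2.10 - - [28/Jul/2005:01:40:11 +0000] "GET /viewtopic.php?t=42 HTTP/1.1" 200 5120
198.51.100.7 - - [28/Jul/2005:01:41:02 +0000] "GET /viewtopic.php?t=42&p='.system(getenv(HTTP_PHP)).' HTTP/1.0" 403 312
198.51.100.8 - - [28/Jul/2005:01:41:09 +0000] "GET /viewtopic.php?t=9&p=%27.system(getenv(HTTP_PHP)).%27 HTTP/1.0" 403 312
203.0.113.5 - - [28/Jul/2005:01:43:30 +0000] "GET /viewtopic.php?t=7&p=%2527%252Esystem%2528getenv%2528HTTP_PHP%2529%2529%252E%2527 HTTP/1.0" 403 312
""".strip().splitlines()

if __name__ == "__main__":
    for ip, rounds, target in scan(SAMPLE):
        print(f"{ip}  layers={rounds}  {target}")
```

A pattern applied to the raw request text would miss the last sample line, where the parentheses themselves are encoded.
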
twelves
Lieutenant


Joined: Jul 13, 2003
Posts: 192
Posted: Fri Aug 05, 2005 4:22 am

Weird, both my pages get it only after turning some blocker setting on.
I thought it was the Santy worm?
You can just choose not to get notified upon attack.
I guess it is real because I have over 50 email attack attempts and not one complaint.
Sheesh... I hope it's an attack and not my blocking legal users.