| Topic Archived |
View previous topic :: View next topic |
| Author |
Message |
tank
Gold Supporter
 Offline
Joined: Apr 20, 2004
Posts: 824
Location: Houston, Texas USA
|
 Posted: Mon Dec 27, 2004 3:14 am
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
I had read that the IP 127.0.0.1 is one that is causing grief but I haven't had time to look anything up on it so I guess could change it to:
| Code:: |
RewriteRule ^.*$ http://127.0.0.1 [L]
|
I also just read a report that envidiosos.org is also a UA that is involved so you may want to add that to the UA list. I haven't seen them in my logs yet though.
_________________
Search is your friend
tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1
|
|
| Back to top |
|
 |
Mesum
Supporter
Offline
Joined: Apr 21, 2004
Posts: 21
Location: Chicago, IL USA
|
Posted: Mon Dec 27, 2004 3:36 am
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
This worm is not forgiving anyone, not even vBulletin.
Mesum's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.0.22-standard/4.3.9/Nuke Gangsta Edition
|
|
| Back to top |
|
|
djdevon3
Gold Supporter
Offline
Joined: Aug 05, 2004
Posts: 4363
|
Posted: Mon Dec 27, 2004 5:52 am
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
127.0.0.1 is the ip address given to your own computer as default. Everyone's computer address is 127.0.0.1. It's your localhost.
It's just substituting the server name "localhost" for "127.0.0.1"
A rewrite rule is to prevent it I gather. Probably doesn't have anything to do with the worm code itself.
Any website that has a viewtopic.php file will be crawled by the worm and if your running the old phpbb version it could be compromised. I don't think it depends on a specific cms or php flat file. It's got to do with the coding within viewtopic.php and the php version of the server.
Insecure coding in phpbb's viewtopic.php PLUS Server php version 1.x.x = hacked by santy worm.
djdevon3's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.4/4.3.11
|
|
| Back to top |
|
|
xfsunoles
XHTML Specialist
Offline
Joined: Apr 30, 2004
Posts: 2502
Location: Melbourne, Florida
|
Posted: Mon Dec 27, 2004 5:59 am
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
no place like home is 127.0.0.1
_________________
Firefox is my Favorite Browser
xfsunoles's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Apache/1.3.34 (Unix)/4.0.25-standard/4.4.1/CVS
|
|
| Back to top |
|
|
tank
Gold Supporter
Offline
Joined: Apr 20, 2004
Posts: 824
Location: Houston, Texas USA
|
Posted: Mon Dec 27, 2004 12:42 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
That's right. I knew that IP seemed familiar to me for some reaon  I guess the rewrite rule would just have them loop back to themselves or something.
_________________
Search is your friend
tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1
|
|
| Back to top |
|
|
xfsunoles
XHTML Specialist
Offline
Joined: Apr 30, 2004
Posts: 2502
Location: Melbourne, Florida
|
|
| Back to top |
|
|
tank
Gold Supporter
Offline
Joined: Apr 20, 2004
Posts: 824
Location: Houston, Texas USA
|
Posted: Mon Dec 27, 2004 7:30 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
_________________
Search is your friend
tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1
|
|
| Back to top |
|
|
Head-e
Silver Supporter
Offline
Joined: Apr 20, 2004
Posts: 937
|
Posted: Mon Dec 27, 2004 8:06 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
Today i tried loging into my admin on my only live cpg test site atm, and the admin pw was changed.. I am the only admin, and it wasnt me... i used the pw recovery method in the FAQ and everything is ok, but is this related, or could my table have possibly been corrupted?
Head-e please enter your server specs in your user profile! 
|
|
| Back to top |
|
|
Stephen
Silver Supporter
Offline
Joined: Apr 21, 2004
Posts: 734
|
Posted: Mon Dec 27, 2004 8:43 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
Head-e, check your authors/admin table to make sure your not the only one in there 
Stephen's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Cent OS :: 1.3.34 :: 4.1.13 :: 4.4.2 :: CVS
|
|
| Back to top |
|
|
corky
Supporter
Offline
Joined: Apr 21, 2004
Posts: 292
Location: Fontana, California
|
Posted: Mon Dec 27, 2004 8:49 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
You could also check your users table too see if there are any crazy names like H$$ack37rs or like Cra3ck3rz, and if so you might want to delete those guys too.
_________________
CHECK OUT THE FASTEST GROWING IMAGE UPLOADER ON THE NET!
corky's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/Apache 1.3.31 /PHP 4.3.9/mySQL 4.0.20 / 8.2b
|
|
| Back to top |
|
|
tank
Gold Supporter
Offline
Joined: Apr 20, 2004
Posts: 824
Location: Houston, Texas USA
|
Posted: Mon Dec 27, 2004 10:18 pm
Post subject: Re: Help CPG-Nuke is under attack LMAO |
|
Be sure to check your logs.
_________________
Search is your friend
tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1
|
|
| Back to top |
|
|
|
|
Forum FAQ
Log in to check your private messages
Login
Search
