1
monster
my Page will be Hacked
  • 2005/2/13 17:16

  • monster

  • Just popping in

  • Posts: 58

  • Since: 2004/12/28


13.02.2005 18:35 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:35 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:34 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:34 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:33 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:33 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:32 Gäste 62.227.96.219 IE 6.0 CRAWLER
13.02.2005 18:31 Gäste 62.227.96.219 IE 6.0 DoS
13.02.2005 18:09 Gäste 83.129.88.166 (ax) CRAWLER
13.02.2005 18:08 Gäste 83.129.88.166 (ax) DoS
13.02.2005 16:38 Gäste 217.227.187.163 IE 6.0 DoS

What can I do?
I have Protector 2.3.3.

2
JMorris
Re: my Page will be Hacked
  • 2005/2/13 17:42

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


Use a tool like Netquery to obtain the proper contact information for the admin of that IP block and report the IP address.

Here's the WHOIS output from the 62.227.96.219 IP listed:

Quote:
IP Whois Results [Clear]:
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 62.225.192.0 - 62.227.255.254
netname: DTAG-DIAL12
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ******************************************************************
remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, Scans, Probes, etc. *
remarks: ******************************************************************
remarks: size decremented -1 because otherwise RIPE SW is choking
remarks: correct end-address is 62.227.255.255 (lbo)
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20000512
changed: ripe.dtip@telekom.de 20030211
changed: ripe.dtip@telekom.de 20030910
changed: ripe.dtip@telekom.de 20040709
changed: ripe.dtip@telekom.de 20040907
source: RIPE
route: 62.224.0.0/14
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
changed: bp@nic.dtag.de 20000516
source: RIPE
changed: rv@TE142.T-COM.XX 20040615
person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
address: D-90492 Nuernberg
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: ripe.dtip@telekom.de
nic-hdl: DTIP
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20031013
source: RIPE
person: Security Team
address: Deutsche Telekom AG
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
mnt-by: DTAG-NIC
changed: abuse@t-ipnet.de 20030210
source: RIPE

3
monster
Re: my Page will be Hacked
  • 2005/2/13 18:31

  • monster

  • Just popping in

  • Posts: 58

  • Since: 2004/12/28


It's my PC,
but I have Norton Internet Security (firewall and virus scanner).
I have XOOPS and Protector 2.3.3.
How can I clean my system?

4
DonXoop
Re: my Page will be Hacked

Two very different things: the server thinking there is a DoS, and your PC being infected or not. If this was a valid attack it still wouldn't mean that the PC is infected. Norton means nothing in this case.

Protector thinks you have hit the site quick enough to trigger the DoS threshold. That can happen if you're a busy admin.

So it likely is a false alarm. Personally I think that Protector is less useful than it is intended to be. Unless it is configured and reconfigured to tell the difference between normal and malicious activity you end up with a large number of alarms and no way to tell which is a real attack.

One question I still have about Protector is: why does it show the attacks as coming from anonymous when they (in this case) are coming from a logged-in user? If you have something like chat, how do you allow it to run without false alarms and still protect against real attacks?

So you probably need to set some of the thresholds higher so it doesn't trigger attack logs that aren't.
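
The tuning step described in the last reply, as an added example that is not part of the thread and not Protector's own code: measure the busiest window of known-good traffic, then set the request threshold above that peak. The window length, threshold values, function names and sample traffic are assumptions constructed for illustration.

```python
from collections import deque

def peak_in_window(timestamps_ms, window_ms):
    """Largest number of requests that fall inside any window_ms-long span."""
    recent, peak = deque(), 0
    for t in sorted(timestamps_ms):
        recent.append(t)
        # Drop requests that are a full window (or more) older than this one.
        while recent[0] <= t - window_ms:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak

def flagged_clients(requests, window_ms, threshold):
    """Clients whose busiest window holds more than `threshold` requests."""
    by_ip = {}
    for ip, t in requests:
        by_ip.setdefault(ip, []).append(t)
    return sorted(ip for ip, ts in by_ip.items()
                  if peak_in_window(ts, window_ms) > threshold)

# Constructed sample traffic (milliseconds); addresses are documentation ranges.
WINDOW_MS = 10_000
ADMIN = "192.0.2.10"     # logged-in admin clicking through settings in bursts
FLOOD = "198.51.100.7"   # client requesting pages 5 times a second for 40 s
ADMIN_TIMES = [s * 1000 for s in (0, 2, 3, 5, 6, 8, 40, 41, 43, 44, 46, 47)]
FLOOD_TIMES = [i * 200 for i in range(200)]
REQUESTS = [(ADMIN, t) for t in ADMIN_TIMES] + [(FLOOD, t) for t in FLOOD_TIMES]

if __name__ == "__main__":
    admin_peak = peak_in_window(ADMIN_TIMES, WINDOW_MS)
    print("busiest admin window:", admin_peak, "requests")
    # A threshold below the admin's normal peak logs the admin as an attacker.
    print("threshold 5:", flagged_clients(REQUESTS, WINDOW_MS, 5))
    # A threshold at or above that peak keeps only the real flood.
    print("threshold", admin_peak, ":",
          flagged_clients(REQUESTS, WINDOW_MS, admin_peak))
```
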
