11
snakes
Re: Weblinks + Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/3 8:08

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


For your DOS attack.
It is an attack to sshd not to mysqld.
Someone is trying to access to the server ssh daemon.
ssh is a secure Telnet that allow you to control the server in linux/unix command line.

Those attacks should not ba harmful cuz they all failed.

When I access the "popular site" page, I get all, the content AND the "xoops theme" not a white background. I get ALL.

Kewl for the thumbs.

12
snakes
Re: Weblinks + Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/3 18:22

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


some more lines to modify
templates/weblinks_link.html (about line 186)
<{if $link.flag_url == 1}>
    
    <
a href="<{$link.url}>" onmousedown="return weblinks_hardlink(this,<{$link.lid}>)" target="_blank">
  <{/if}>


templates/weblinks_linklist.html (about line 67)
<{if $link.flag_url == 1}>
    
    <
a href="<{$link.url}>" onmousedown="return weblinks_hardlink(this,<{$link.lid}>)" target="_blank">
  <{/if}>

13
tzvook
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/3 22:38

  • tzvook

  • Just can't stay away

  • Posts: 875

  • Since: 2003/2/1 2


Hi snakes ... All

Yep I know it was on the sshd service, but it seems that what suffer most from the server load is the MySql service.
All sites got slowed, but those that use database services has a lot of timeouts.

Those Hacker-kiddies, they think it's all a game.

Quote:
Those attacks should not ba harmful cuz they all failed.


But it slows my server !!!
and it keeps on comming for 2 weeks now !!!

14
jdseymour
Re: Might be a DOS attack .... need a sec opinion !!!

Check this Web Page on protecting Linux against automated attacks. I personally use the small python script Blockhost it detects and bans the IP of the attacker after a specified number of attempts.

HTH.

15
tzvook
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/4 17:58

  • tzvook

  • Just can't stay away

  • Posts: 875

  • Since: 2003/2/1 2


10x jdseymour
I don't use python, but If attacks won't stop I will ...

16
snakes
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/4 21:05

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


tzvook: here is a little present for you if you are using FireFox.
Meant4u Gifts Toolbar

Save it on the harddisk and drag 'n drop to the browser.

17
Chappy
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/5 4:23

  • Chappy

  • Friend of XOOPS

  • Posts: 456

  • Since: 2002/12/14


I tried hacking this as you said several times over several days, never to any success.
Basically, you edit header, as you said; weblinks_link in two places; you edit weblinks_linklist in two places. You update the weblinks module.

I did all this several times. Tonight I updated the files again because the second set of changes wasn't originally posted. It still didn't work.

In weblinks_link, somewhere right around line 200, the code is as follows: Quote:
<{if $link.flag_url == 1}><{/if}>


Does that also need similar treatment?

THere may be a similar situation in weblinks_links.

Anyway, would it be possible to get copies of these files, maybe even put them in the modules area or one of the other XOOPS sites?
MMM...It tastes like chicken! ...

18
snakes
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/5 13:05

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


Line 200 is OK, no need to be changed.

Here are the modifications from the begining:

weblinks/templates/weblinks_header.html
<script language="javascript">
function 
weblinks_hardlink(link,lid){
  
link.href='<{$module_url}>/visit.php?lid=' lid;
  return 
true;
}
script>
This code is to be added on the first line of the file

weblinks/templates/weblinks_link.html (about line 6) and
weblinks/templates/weblinks_linklist.html (about line 6)
replace
<a href="<{$module_url}>/visit.php?lid=<{$link.lid}>" target="_blank">
with
<a href="<{$link.url}>" onmousedown="return weblinks_hardlink(this,<{$link.lid}>)" target="_blank">

templates/weblinks_link.html (about line 186)
The code should look like this:
<{if $link.flag_url == 1}>
    
    <
a href="<{$link.url}>" onmousedown="return weblinks_hardlink(this,<{$link.lid}>)" target="_blank">
  <{/if}>

templates/weblinks_linklist.html (about line 67)
The code should look like this:
<{if $link.flag_url == 1}>
    
    <
a href="<{$link.url}>" onmousedown="return weblinks_hardlink(this,<{$link.lid}>)" target="_blank">
  <{/if}>


In fact I added a javascript function that will dynamically (on the fly) change a hardlink into a redirection link.
Now in every templates file, I'm looking for a link to visit.php (this is the file that do the redirection). And I
change this link into the real hardlink and add a call to the javascript function. Thus when a guy click on the hardlink,
the browser first call the javascript function that change the hardlink into redir, and then the browser load the changed URL.

My own php and templates files of weblinks have been changed a lot of time to suit my needs for my website. I cannot post them all.

If you need, send me a mail with your weblinks_header.html, weblinks_link.html and weblink_linklist.html to support at goloom d0t com

19
tzvook
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/5 20:21

  • tzvook

  • Just can't stay away

  • Posts: 875

  • Since: 2003/2/1 2


Quote:

snakes wrote:
tzvook: here is a little present for you if you are using FireFox.
Meant4u Gifts Toolbar

Save it on the harddisk and drag 'n drop to the browser.


10x snakes
I do use Firefox, but it's not 1.4 compatiable - so I can't see the Toolbar
I'll try tommorow @ office
10x

20
snakes
Re: Might be a DOS attack .... need a sec opinion !!!
  • 2005/10/6 7:35

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


Just in case you want to personnalize it.
Firefox Toolbar Tutorial.
In fact the .XPI files are just .ZIP files.
And all contents are editable.

Login

Who's Online

372 user(s) are online (274 user(s) are browsing Support Forums)


Members: 0


Guests: 372


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits