Re: Protector: DirTraversal [Module usage questions]

1

Protector: DirTraversal

2009/3/15 21:04
limecity
Friend of XOOPS
Posts: 1602
Since: 2003/7/6 0

Quote:

2009/3/16 3:58:42 Guests 78.47.16.162
DataCha0s/2.0 DirTraversal Directory Traversal '../../../../../../../../../../../../../../../../../../../../../../../etc/passwd\0' found.

Found that in my protector log. What does it mean?

http://www.mounthiking.com
all your hiking gears and gadgets

2

Re: Protector: DirTraversal

2009/3/15 21:31
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

That Protector has detected and stopped someone his attempt to hack your site.
You may block this IP or net, if you don't need the traffic. Look it up with WHOIS and if it is a serious hoster or ISP (most West-European are), you might consider them to send a mail with the relevant data (only from that IP and server time verified) from the Apache log to their spam or abuse email contact address.

The art of asking questions.

3

Re: Protector: DirTraversal

2009/3/16 4:30
limecity
Friend of XOOPS
Posts: 1602
Since: 2003/7/6 0

ah... thank god for protector

http://www.mounthiking.com
all your hiking gears and gadgets

4

Re: Protector: DirTraversal

2009/3/16 13:33
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

Quote:

limecity wrote:
ah... thank god for protector

Actually, thank giJoe. Consider doing him a donation.

LatinoPoemas

5

Re: Protector: DirTraversal

2009/3/16 13:57
Anonymous
Posts: 0
Since:

Quote:

trabis wrote:

Actually, thank giJoe. Consider doing him a donation.

Yep - top chap and top module....... caught over 1900 sql-injection attempts in 13 minutes on my site a few weeks ago.

6

Re: Protector: DirTraversal

2009/3/17 0:09
sailjapan
Moderator
Posts: 1672
Since: 2005/11/16

where do you access the protector log? I can't see it in protector's preferences...

Never let a man who does not believe something can be done, talk to a man that is doing it.

7

Re: Protector: DirTraversal

2009/3/17 0:24
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

It's in admin - modules - protector - protect center: /modules/protector/admin/index.php

The art of asking questions.

8

Re: Protector: DirTraversal

2009/3/17 0:28
sailjapan
Moderator
Posts: 1672
Since: 2005/11/16

ah. It's empty so I didn't notice it. Does that mean no-one's tried anything naughty on my site?

Never let a man who does not believe something can be done, talk to a man that is doing it.

9

Re: Protector: DirTraversal

2009/3/17 1:06
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Under the security advisory tab you find two links to check if Protector works. It should also make log entries, if your preferences are set to take action.

The art of asking questions.

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Re: Protector: DirTraversal

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}