#10
minor deity
Why do they spend all their effort defacing and hacking? They should be writing awesome applications instead...
__________________
Proud to be a Surmunity Mod! XEON Make a fundamental difference! My Sites: Curious about Brewing Beer? Join the community! >>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax Get into an Art museum Victorian London It's your brain -ON WEB - mybrainhost.com (under development) What SHOULD Government do? Much Less than it Does!

#11
Registered User
Quote:
However, I don't think it is about that so much anymore. The trend is now that the more talented hackers (not the immature script kiddy bums) are being *paid* by spammers, thieves, and terrorists to write hacks for their needs. Grab your raw logs and have a look. If you don't see hack attempts I'd be very surprised. Back track some of them and you'll bump into some very unsavoury people. I've seen a few that could very well have been serious terror groups. It is up to all the site owners to keep their sites secure. I wish people cared but too many don't, they just want that blingy piece of crap on their site no matter what it does to everyone else. It only takes one per server and no doubt that number is much higher.
__________________
Pass16 Pass39

#12
minor deity
I'm just about ready to block any domain that comes from Russia or China...

#13
Registered User
I'm way ahead of ya.
My list of IP blocks slowly gets longer and longer.... Too bad that doesn't help when a neighbour site gets nailed and the script walks the server. Look around, there is a massive crack campaign going on everywhere right now. I had a client in NYC that doesn't use Surpass but is having big trouble with routing caused by these attacks.

#14
Insanely
Quote:

#15
Race Surpass
I get at least 100 attempts a day to add crap into my Guestbook. I also get a number of attempts that show up in my error log to access non-existent guestbook pages and scripts. Most of these, I imagine, are attempts to add links to their or their clients' websites to improve search page ranking, in which part of the page ranking algorithm is based on how many other pages link back to it. I've noticed a few of these attempts have been from other webhost companies.
I remember one day about a year or two (time flies) ago, I came home to discover 55 ads in my guestbook for Online Casino Sites. This was before I added all the protections I have now. Stupid bots, hackers...

#16
minor deity
What protections do you have, Mark?

#17
I had been using the ever-popular Matt Wright's Perl Guestbook script that has been around for many years. I rewrote a new one from scratch using PHP. Doing that alone has prevented all the attempts at running /cgi-bin/guestbook.pl as that no longer exists on my site.
The main thing I do now is generate a random 5-character gif image every time the add entry page is loaded that the user has to enter into the form and must of course match. The correct random value is stored in a SESSION variable which gets passed to the form handling script. I also use a hidden field that contains the field names of the items that must be completed. About 99 percent of the attempts fail because the SESSION variable itself does not exist (which tells me that it did not even call the script that generates the image) and about 1% are blocked because the hidden field name does not exist, which tells me they weren't even using my form. I should save what they were trying to add in some file somewhere hmmm..
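The mechanism described above, written out as an added example (this is not the poster's guestbook code). It keeps the list of required fields server-side rather than in a hidden field, uses a one-time session code, and logs rejected submissions the way the post wishes it did; the session key `gb_challenge`, the field names and the log path are assumptions.

```php
<?php
// Added example, not the poster's code: a guestbook challenge in the spirit of
// post #17. The key 'gb_challenge', field names and log path are assumptions.
session_start();
const REQUIRED_FIELDS = ['name', 'comment'];  // kept server-side, never in a hidden field
const CHALLENGE_LEN   = 5;
// Image script: make a fresh random code on every load, store it in the session,
// and return the GIF bytes that the visitor has to type back.
function gb_challenge_image(): string {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';  // no 0/O or 1/I lookalikes
    $code = '';
    for ($i = 0; $i < CHALLENGE_LEN; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];  // CSPRNG, not rand()
    }
    $_SESSION['gb_challenge'] = $code;
    $img = imagecreatetruecolor(90, 30);  // black background
    imagestring($img, 5, 10, 7, $code, imagecolorallocate($img, 255, 255, 255));
    ob_start();
    imagegif($img);
    imagedestroy($img);
    return ob_get_clean();
}

// Form handler: returns null on success or a short reason, so rejects can be logged.
function gb_validate(array $post): ?string {
    if (!isset($_SESSION['gb_challenge'])) {
        return 'no-session';  // the image script never ran: the form was never loaded
    }
    $expected = $_SESSION['gb_challenge'];
    unset($_SESSION['gb_challenge']);  // one submission per code, so a solved code cannot be replayed
    foreach (REQUIRED_FIELDS as $f) {
        if (!isset($post[$f]) || trim($post[$f]) === '') {
            return "missing-$f";
        }
    }
    $given = strtoupper(trim($post['challenge'] ?? ''));
    return hash_equals($expected, $given) ? null : 'bad-challenge';  // constant-time compare
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $reason = gb_validate($_POST);
    if ($reason !== null) {
        // Keep what was attempted (the post's "save it in some file"), outside the web root.
        $line = date('c') . ' ' . $_SERVER['REMOTE_ADDR'] . " $reason " . json_encode($_POST) . "\n";
        file_put_contents('/path/outside/webroot/guestbook-rejects.log', $line, FILE_APPEND | LOCK_EX);
        http_response_code(403);
        exit;
    }
    // ... store the entry; escape it with htmlspecialchars() when displaying it.
}
```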

#18
DemonicAngel
If you allow .rar, .zip, .tar, or basically any archive to be uploaded to your site, someone can upload malicious PHP code.
i.e. bleh.php.zip or bleh.php.rar (these files have nothing bad, just ask for a name, and then they say hello). But as you can see the extension is .php.zip; if it were changed to just .zip, the code won't execute. So it's best to rename the file that is being uploaded, and possibly scan the file for coding...
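The rename the post recommends, as an added example (not the poster's code): the stored name is generated by the server and keeps only the final, allow-listed extension, so `bleh.php.zip` can never be stored under a name containing `.php`. The extension lists, function names and storage path are assumptions.

```php
<?php
// Added example, not the poster's code: normalise an uploaded filename so that
// nothing the uploader chose can select a script handler. Names are assumptions.
const ALLOWED_EXT = ['zip', 'rar', 'tar', 'gz', 'png', 'jpg', 'gif', 'pdf'];
const SCRIPT_EXT  = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl', 'sh'];

// True when any dot-separated part of the name is a script extension, as in
// "bleh.php.zip". Apache's mod_mime looks at every part of a multi-extension
// name, so with an AddHandler for .php such a file can reach the PHP engine.
function has_script_part(string $name): bool {
    $parts = explode('.', strtolower($name));
    array_shift($parts);  // the first part is the base name, not an extension
    return count(array_intersect($parts, SCRIPT_EXT)) > 0;
}

// The name we actually store: a random base name (the uploader no longer picks it)
// plus only the final extension, and only when that extension is on the allow-list.
// "bleh.php.zip" therefore becomes something like "9f3a...c1.zip".
function safe_upload_name(string $original): ?string {
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

if (!empty($_FILES['upload']) && $_FILES['upload']['error'] === UPLOAD_ERR_OK) {
    $orig   = $_FILES['upload']['name'];
    $stored = safe_upload_name($orig);
    if ($stored === null) {
        http_response_code(400);
        exit('file type not accepted');
    }
    if (has_script_part($orig)) {
        // Accept the renamed file but keep a record: a double extension is worth a look.
        error_log("upload with script extension in name: $orig -> $stored");
    }
    // Store outside the document root and hand files out through a download script,
    // so the web server never executes an upload even if it is misclassified.
    $dest = '/path/outside/webroot/uploads/' . $stored;  // placeholder path
    move_uploaded_file($_FILES['upload']['tmp_name'], $dest);
    // The post's "scan the file": check the real type, e.g. with
    // finfo_file(finfo_open(FILEINFO_MIME_TYPE), $dest), before anything extracts it.
}
```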