Results 1 to 5 of 5

Thread: There is a malicious user on this forum.

  1. #1
    Join Date
    Feb 2011
    Posts
    10

    Default There is a malicious user on this forum.

    Hello, today a user from this forum tried to access my vShare installation. They failed, however I felt I should alert the community of it.

    I'm attaching the log files. As you can see, a user from this forum found my vShare installation through my showcase thread (here) through the referrer information. The malicious user's IP is 71.56.249.217 and it resolves to Denver, CO in the US: 71.56.249.217/c-71-56-249-217.hsd1.co.comcast.net IP Address WHOIS | DomainTools.com

    Luckily I protect my Admin CP using password-protected .htaccess file.

    Code:
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:29:07 -0500] "GET / HTTP/1.1" 302 512 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:18 -0500] "GET / HTTP/1.1" 302 512 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:18 -0500] "GET / HTTP/1.1" 200 10754 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:22 -0500] "GET /admin HTTP/1.1" 401 644 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - admin [26/Oct/2011:00:52:27 -0500] "GET /admin HTTP/1.1" 401 180 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:30 -0500] "GET / HTTP/1.1" 200 5844 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:30 -0500] "GET /recent_viewed_xml.php HTTP/1.1" 200 532 "https://video.beercandle.com/player/recent.swf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
    xxx_error_log:[Wed Oct 26 00:52:27 2011] [error] [client 71.56.249.217] user admin not found: /admin

  2. #2
    Join Date
    Sep 2007
    Posts
    906

    Default

    He tried to access your admin page. Many do this, just accessing a page is not hacking attempt. Do you have admin folder password protected with .htaccess ? You can limit admin folder access to your IP using .htaccess like

    Code:
    order deny,allow
    deny from all
    allow from YOUR_IP_HERE
    vShare Hosting, vShare Installation, Server Setup, Lighttpd streaming, vShare Templates
    [email protected]

  3. #3
    Join Date
    Feb 2011
    Posts
    10

    Default

    Yes, my /admin is protected with .htaccess. But still, what use does someone have trying to access your /admin if it's not for malicious purposes? I surely don't go around trying to access the admin panels of websites I do not own.

    You can remove this thread if you want... :-)

  4. #4
    Join Date
    Sep 2007
    Posts
    906

    Default

    I had tried to access admin folder of some sites, just to see what cms/software the site is using. If he was trying to hack, he would have lot of access logs. Many POST, GET, sql injection in logs etc..
    vShare Hosting, vShare Installation, Server Setup, Lighttpd streaming, vShare Templates
    [email protected]

  5. #5
    Join Date
    Feb 2011
    Posts
    10

    Default

    Fair enough.

    I think I overreacted. You can remove this thread hostonnet. :)

    Thank you.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •