News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Anoymous hacking tip off

Started by Silvershark78, January 03, 2013, 05:32:04 PM

Previous topic - Next topic

Silvershark78

Oh I found out tonight way earlier and forgot to mention. The last time they got in (and I have reason to believe it was an inside job) when they changed the moderation to prevent people from posting, they also gave guests admin powers
Still have lots to learn

Silvershark78

Is there a way to ban just on IP addresses? I have an IP that is pulling some stuff and I think it might be a hack attemp.
It says this
Quote2: preg_replace() [<a href='function.preg-replace'>function.preg-replace</a>]: Compilation failed: invalid UTF-8 string at offset 7
Still have lots to learn

kat

Quote from: Silvershark78 on January 04, 2013, 01:48:58 AM(and I have reason to believe it was an inside job)

As has been mentioned, only allow yourself the permissions. That way, an inside job can't happen.

Silvershark78

I was the only one. My error logs show attempted hacks into admin from a moderator??? Don't know anymore. All I know is that string above scares me evn though I don't know what it would do.
Still have lots to learn

kat

Well, as has been noted, your best defence is obvious, really.

Whatever else you do, keep regular and, in this case, frequent backups.

That way, whoever hacks you, in whatever way, you can just restore a backup.

As has also been noted, give your host a wave. I would say that that's the place to get the best help, with this.

Silvershark78

Thanks for the advice this time guys :) I appreciate it. The only question I still have that wasn't answered was if there is a way to ban an IP without it being a member
Still have lots to learn

kat

Yeah, just add it to your ban list. Or, do the ol' .htaccess thing.

order allow,deny
deny from 192.168.44.201
deny from 224.39.163.12
deny from 172.16.7.92
allow from all

Kinda thing.

The Craw

IP banning isn't enough to stop even a complete noob hacker, as they could just use a proxy. Plus a lot of people (myself included) have dynamic IP addresses that change on a regular basis.

Silvershark78

Dynamic? as opposed to static. Correct?
Still have lots to learn

Colin

Quote from: Silvershark78 on January 04, 2013, 11:09:53 AM
Dynamic? as opposed to static. Correct?
Indeed, if you don't pay extra for a static IP from your ISP you will have a dynamic one. (In most cases).
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Silvershark78

OK, here is a good question, in my mind at least. Through Cpanel, I have the option to password protect directories. Can I protect say, the source folder, without having forum users being prompted to enter passwords. Or are they going to get that pop up if they try to attach an image. Please keep in mind I am a total newb. I am not very certain what directories function for what purpose. If password protection is a good idea, what would be the best directories to protect
Still have lots to learn

Silvershark78

OK scratch that question. support told me that is a useless basically and will only cause problems. Unless you guys have suggestions
Still have lots to learn

Arantor

QuoteI have an IP that is pulling some stuff and I think it might be a hack attemp.

I don't think it's a hack attempt, but it would be interesting to know a bit more, like where that error actually occurs, and what the IP address is trying to do, exactly.

Silvershark78

does this gove you anymore infor???  :-\

File: /home/silver78/public_html/forums/Sources/Subs-Post.php
Line: 1279
Still have lots to learn

Arantor

That gives me a little more information. But not a lot.

What is the URL logged when this error occurs, exactly? (This is *really* important. I can't tell you what you want to know without knowing that.)

Silvershark78

Still have lots to learn

Arantor

You could have just saved time by copying/pasting the entire entry from the error log rather than providing one line at a time...

Anyway... that URL is interesting, because it shouldn't be causing the errors you're seeing. Do you see errors like that one consistently? Do you have a lot of people who don't use English on your forum?

Silvershark78

Happened again but this time from a member. he flooded my logs with all kinds of different errors. But I picked this one since it was similar. He is a paid member but that doesn't mean anything. And I don't believe I have anyone that doesnt speak english, at least as a second language

http://hyundaimotorclub.com/forums/index.php?action=portal;sa=shoutbox;shoutbox_id=1;time=1357338125;xml

2: preg_replace() [<a href='function.preg-replace'>function.preg-replace</a>]: Compilation failed: invalid UTF-8 string at offset 7

File: /home/silver78/public_html/forums/Sources/Subs-Post.php
Line: 1279
Still have lots to learn

Arantor

OK, so the next step then, can you download your server's copy of Subs-Post.php and attach it here please? I want to check that line 1279 is the same line 1279 in my copy of SMF...

Silvershark78

can you guide me where to find that file? I will be happy to dig it up, but where do I go about finding it
Still have lots to learn

Advertisement: