MyBB Community Forums

Full Version: the guests who I can't see where are they...
Hello, and sorry for my poor English first of all...

A week ago somebody attacked my site 91 times and Cracker Tracker logged it; the logs look like this:

2007-06-09, 23:58:01, 1181422704, 84.16.240.251, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eveggi%3c%2fa%3e&action=do_search, Java/1.6.0
2007-06-10, 14:20:31, 1181474454, 84.16.240.251, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eryokb%3c%2fa%3e&action=do_search, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
2007-06-10, 14:20:32, 1181474455, 84.16.240.251, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eryokb%3c%2fa%3e&action=do_search, Java/1.6.0
2007-06-10, 14:20:44, 1181474467, 84.16.240.251, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eryokb%3c%2fa%3e&action=do_search, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)...

Then I banned the attacker's IP and the attacks ended... but after that I saw an interesting event... a lot of guests viewed the same thread for two or three days... then I moved that thread to the trash can; at this time a lot of guests were looking at the no-permissions area... then I deleted that interesting topic, and this time, on the who's online page, a lot of guests are reading a thread...

[Image: thread.gif]
I hope I have explained my problem correctly...
The cracker's IP is from ns2.e4-host.com; it's a web hosting service, so if you want to find this cracker, start there. This IP is a web server at this host, so they can "delete" him ;)
The guests' IPs are from ttnet.net.tr

If you want more information about how they can be looking at this thread, please give me your www
separate Wrote: http://forum.alternatifiz.biz thanks patrick...
Oops, there's only one problem: this server does not exist ???
This problem is a DNS problem of the Turkish web server ttnet; we have a bad connection, unfortunately...
Maybe give me your server's IP, then I can go via IP (http://xxx.xxx.xxx.xxx)
OK, I found you: http://evren31.thoforum.com/
I can' connect to your server. I see only phpBB :( - this is too "http://forum.alternatifiz.biz"
Maybe try to write more details.

I know, when you try http://yoursite.com/forum/index.php? + data from your log forums=1&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eveggi%3c%2fa%3e&action=do_search/
it's possible that PHP shows this info:

MySQLi error: 1406
Data too long for column 'location' at row 1
Query: UPDATE mybb_sessions SET uid='1', time='1182176805', location='/forum_bb/index.php?forums=1&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fblackpussy.pornzonehost.com%2fxxx-black-pussy.html%3eveggi%3c%2fa%3e&action=do_search', useragent='bwh3_user_agent', location1='x', location2='x', nopermission='x' WHERE sid='xxx'
I added the {$user['tid']} code to the online_row templates, and after that I can see the topic's ID number on the online page... the guests who are reading threads are looking at the thread whose ID is 514... and this thread (whose ID is 514) was deleted by me in the past...

The guests are looking at the thread which was deleted; is it a bug?...
This thread was cached by Google; http://www.google.com.tr/search?hl=tr&q=...z+514&meta= ...
You can contact Google.
!!! Never give data from your base to a public area.
Maybe I can help you, but it is better if you PM a MyBB service-man. I'm not in MyBB service, but you can be sure that they are the best :)
Check your database for posts with tid=514 and remove them with "delete from ... where tid=514"
Who's online can show you this location even if the location is wrong. I have deleted test-thread #9 and I go to http://...fid=xx&tid=9 and in the session table I see that my position is "http://...fid=xx&tid=9"; you can try the same way to see how this works ;)
Nobody can see this if it is deleted from the database
Dear patrick, thanks for your messages...

Only one last problem remains :) :) :) why do a lot of different guests try to visit this deleted topic day by day? I hope one day I will solve this interesting problem...
separate Wrote: Dear patrick, thanks for your messages...

Only one last problem remains :) :) :) why do a lot of different guests try to visit this deleted topic day by day? I hope one day I will solve this interesting problem...
1) So, at this moment I can give you only one answer to this question:
Google.
I found in Google about 300 forums and blogs with posts having the same profile

2) Some young "crackers" like to show links to cracked pages to friends. An old cracker knows that he must clean the logs ;)
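
The log format from the first post, as an added example that is not part of the thread: a Python sketch that parses lines in that layout, URL-decodes every request parameter and groups by client IP the requests whose values decode to HTML markup, along with the user agents each IP presented. The field layout is inferred from the lines shown; the sample lines, IP addresses and spam.example URL are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines (placeholder IPs and URLs, not values from the thread).
# Assumed layout: date, time, unix timestamp, client IP, query string, user agent.
SAMPLE_LOG = """\
2007-06-09, 23:58:01, 1181422704, 203.0.113.7, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fspam.example%2fpage.html%3eveggi%3c%2fa%3e&action=do_search, Java/1.6.0
2007-06-10, 14:20:31, 1181474454, 203.0.113.7, forums=19&postthread=1&keywords=%22%3e+%3ca+href%3dhttp%3a%2f%2fspam.example%2fpage.html%3eryokb%3c%2fa%3e&action=do_search, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2007-06-10, 15:02:10, 1181476930, 198.51.100.23, forums=all&postthread=1&keywords=avatar+upload+size&action=do_search, Mozilla/5.0 (X11; Linux i686)
"""

# An HTML tag, or a quote followed by '>' (an attempt to close an attribute and tag).
MARKUP = re.compile(r"<\s*/?\s*[a-z][^>]*>|[\"']\s*>", re.IGNORECASE)

def parse_line(line):
    """Split one log line into its six fields; return None if it is malformed."""
    # maxsplit=5 keeps any ", " inside the user agent (the last field) intact.
    parts = line.strip().split(", ", 5)
    if len(parts) != 6:
        return None
    date, clock, _epoch, ip, query, agent = parts
    # parse_qs undoes both %xx escapes and '+' used for spaces.
    params = parse_qs(query, keep_blank_values=True)
    return {"when": f"{date} {clock}", "ip": ip, "params": params, "agent": agent}

def find_markup_injection(log_text):
    """Return {ip: {count, agents, values}} for requests carrying decoded markup."""
    hits = defaultdict(lambda: {"count": 0, "agents": set(), "values": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, values in rec["params"].items():
            for value in values:
                if MARKUP.search(value):
                    hit = hits[rec["ip"]]
                    hit["count"] += 1
                    hit["agents"].add(rec["agent"])
                    hit["values"].add((name, value))
    return dict(hits)

if __name__ == "__main__":
    for ip, hit in find_markup_injection(SAMPLE_LOG).items():
        print(ip, hit["count"], "requests,", len(hit["agents"]), "user agents")
        for name, value in sorted(hit["values"]):
            print(f"  {name} = {value!r}")
```

One IP sending the same markup under several unrelated user agents within seconds, as in the thread's log, points to an automated poster rather than a person using the search form.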