I got this email last night and it has me wondering what the heck:
Subject: - possible security attack
Has anyone else seen this? And what should be done?
This is a serious hack attack, but protected by the new security system from D7 Kids first |
Thanks for the tip! So, I don't have to do anything about it? |
only what you can do is check your ftp dirs if there is a file with the name you see in the mail.. Kids first |
Thanks, I just checked and everything seems to be fine. |
I got 100s of mails like this and still receiving! I don't know how to stop this. Any ideas? |
Try this: Kids first |
I got 100s of mails like this and still receiving! I don't know how to stop this. Any ideas? aneesh, when exactly are you getting these security warning emails? you can change the security level threshold, as this has been mentioned on numerous occasions in here now. administration --> settings --> advanced settings --> other --> security settings, there are two of them, change the default values. i would say this occurred like this because the software was sent out for a security audit, which by far was a great thing for all of us given the grand scheme of things. with that audit there were recommendations given, and implementations put in place, and the fact that the developers didn't test uploading a video to the articles or blogs is not something i would fault them on. that would be similar to Dodge releasing the new Ram 2500 HD, and somebody buying it and then complaining because the truck would pull 1b tons. well the fact of the matter is that it wasn't designed for that action. that is what we are seeing in here in regards to the security feature, is that the users are trying to get the software to do something that in all actuality it was designed to do. anyhow, that is my belief, could be wrong, but just thought i would share what i think is causing these headaches for all of you fellas trying to upload videos to articles, blogs, and wherever else the problem is arising from. Regards, DosDawg Happy New Year When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
Try this: @killerhai, i was writing to this person the same time you were posting the information from another post. Happy New Year DosDawg When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
Personally i got sick of it and raised both to 99. That was before i knew you could use -1 to disable. I am not exactly convinced -1 actually works. https://www.deanbassett.com |
Personally i got sick of it and raised both to 99. That was before i knew you could use -1 to disable. I am not exactly convinced -1 actually works. well i was testing RC4, and the settings were increased by me as well to some off the hook number as well. yeah i think this needs to be addressed with boonex developers if you can actually disable this notifier, because they certainly didn't write that anywhere, not even when they were posting on the RC's when this issue was running rampant. I'm sure we will all get it together soon. Regards, DosDawg Happy New Year When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
Personally i got sick of it and raised both to 99. That was before i knew you could use -1 to disable. I am not exactly convinced -1 actually works. well i was testing RC4, and the settings were increased by me as well to some off the hook number as well. yeah i think this needs to be addressed with boonex developers if you can actually disable this notifier, because they certainly didn't write that anywhere, not even when they were posting on the RC's when this issue was running rampant. I'm sure we will all get it together soon. Regards, DosDawg Happy New Year LOL. I was at one point getting so many of these i feared you would suspend my hosting for overwhelming your mail servers. https://www.deanbassett.com |
Thanks killerhai and DosDawg. I changed the values to 51. Here is the body of the last email I got...
==================================
Total impact: 12
Affected tags: sqli, id, lfi
Variable: REQUEST.Height.0 | Value: 5\' 6\"
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42
Variable: POST.Height.0 | Value: 5\' 6\"
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42
REMOTE_ADDR: 86.96.228.85
HTTP_X_FORWARDED_FOR: 92.98.56.84
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/wmalluju/public_html/pedit.php
QUERY_STRING: ID=2
REQUEST_URI: /pedit.php?ID=2
QUERY_STRING: ID=2
SCRIPT_NAME: /pedit.php
PHP_SELF: /pedit.php
================================== |
Thanks killerhai and DosDawg. I changed the values to 51. Here is the body of the last email I got... ================================== Total impact: 12 Affected tags: sqli, id, lfi Variable: REQUEST.Height.0 | Value: 5\' 6\" Impact: 6 | Tags: sqli, id, lfi Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42 Variable: POST.Height.0 | Value: 5\' 6\" Impact: 6 | Tags: sqli, id, lfi Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42 REMOTE_ADDR: 86.96.228.85 HTTP_X_FORWARDED_FOR: 92.98.56.84 HTTP_CLIENT_IP: SCRIPT_FILENAME: /home/wmalluju/public_html/pedit.php QUERY_STRING: ID=2 REQUEST_URI: /pedit.php?ID=2 QUERY_STRING: ID=2 SCRIPT_NAME: /pedit.php PHP_SELF: /pedit.php ================================== @aneesh what exactly is being done in order to get these messages, it appears that the profile is being edited or attempting to be edited by the ID=2. do you know what this user is doing or trying to do? but again, if you have changed the impact setting, you should not be getting this message, unless it was an older message that just got sent to you. Regards, DosDawg When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
DosDawg, The ID number 2 is my own test user. I added 2 music and 2 video files yesterday and did some settings changes today as well. Why security warning and attack notice for that? Please advise. -aneesh |
I had an attack today, showing no one online and received 114 emails. I suspected it to be someone trying to rip my template, and now have the following inserted some blocking rules into my htaccess, here is a link to a set of rules some folk might find useful... although i have added others too. |
DosDawg, The ID number 2 is my own test user. I added 2 music and 2 video files yesterday and did some settings changes today as well. Why security warning and attack notice for that? Please advise. -aneesh have you adjusted your security settings from admin, from the default settings. dolphin_jay and i have spent a few hours testing what triggers this security warning. -1 on both will stop the notices, it's been said that it disables it, don't know for sure, need more testing, but also we set it to 300 on both and received impact 132 warning, so that was weird in itself then we set it to 1000 and this allowed the copy and paste and that is how we tested was based on an actual injection. Regards, DosDawg When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support |
I just did a fresh install of 7 and I am now getting these warnings.. I did what you guys said which was to add -1 to both settings.. but I had to do it in phpmyadmin since I can not access anything on the site...I'm still getting 100s of emails!! lol Any ideas?? |
I just did a fresh install of 7 and I am now getting these warnings.. I did what you guys said which was to add -1 to both settings.. but I had to do it in phpmyadmin since I can not access anything on the site...I'm still getting 100s of emails!! lol Any ideas?? Yes, contact an exorcist. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
I just did a fresh install of 7 and I am now getting these warnings.. I did what you guys said which was to add -1 to both settings.. but I had to do it in phpmyadmin since I can not access anything on the site...I'm still getting 100s of emails!! lol Any ideas?? Yes, contact an exorcist. lol..ok...now seriously... I just now reinstalled 7.. I dropped everything in the database...and it did it again.. I even cleared my cache... I don't get it... |
Just thought I would post this and see if it might help things...
Total impact: 12
Affected tags: sqli, id, lfi
Variable: REQUEST.seIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Variable: COOKIE.seIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Centrifuge detection data
Threshold: 3.49
Ratio: 2.5
REMOTE_ADDR: xx.xxx.xxx.xxx
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /***/***/***/***/***/profile.php
QUERY_STRING: ID=404.shtml
REQUEST_URI: /administration/administration/modules.php
QUERY_STRING: ID=404.shtml
SCRIPT_NAME: /profile.php
PHP_SELF: /profile.php |
make sure you clear your cache and tmp folders..lol sorry but hope it helps someone else... :) |
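Added example, not part of any post in this thread and not BoonEx code: a small Python parser for the alert e-mail bodies quoted above, useful for triaging a flood of these mails. It groups hits by field, value and rule ID, which shows that the reported total of 12 in the Height alert is one form field counted under both POST and REQUEST; the names `triage` and `HIT`, the line breaks in the sample, and the reading of the backslashes as escaping are assumptions.

```python
import re
from collections import defaultdict

# Alert body copied from the post in this thread; line breaks are assumed.
ALERT = r"""Total impact: 12
Affected tags: sqli, id, lfi
Variable: REQUEST.Height.0 | Value: 5\' 6\"
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42
Variable: POST.Height.0 | Value: 5\' 6\"
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 1/2 | Tags: sqli, id, lfi | ID: 42
REQUEST_URI: /pedit.php?ID=2
"""

# One rule hit: scope.field, raw value, per-hit impact, rule description and ID.
HIT = re.compile(
    r"Variable:\s*(?P<scope>[A-Z]+)\.(?P<field>\S+)\s*\|\s*Value:\s*(?P<value>.*?)\s*"
    r"Impact:\s*(?P<impact>\d+)\s*\|\s*Tags:.*?"
    r"Description:\s*(?P<desc>.*?)\s*\|\s*Tags:.*?\|\s*ID:\s*(?P<rule>\d+)",
    re.S,
)

def triage(text):
    """Group hits by (field, value, rule ID) so one submitted input counts once."""
    reported = int(re.search(r"Total impact:\s*(\d+)", text).group(1))
    groups = defaultdict(lambda: {"scopes": [], "impact": 0})
    for m in HIT.finditer(text):
        g = groups[(m["field"], m["value"], int(m["rule"]))]
        g["scopes"].append(m["scope"])
        g["impact"] = max(g["impact"], int(m["impact"]))
        g["rule"] = m["desc"]
        # Assumption: the backslashes are escaping added before the value was logged.
        g["plain"] = re.sub(r"\\(['\"\\])", r"\1", m["value"])
    # PHP's $_REQUEST merges GET/POST/COOKIE, so REQUEST.x repeats POST.x or COOKIE.x.
    distinct = sum(g["impact"] for g in groups.values())
    uri = re.search(r"REQUEST_URI:\s*(\S+)", text)
    return {"reported": reported, "distinct": distinct,
            "uri": uri.group(1) if uri else None, "hits": dict(groups)}

if __name__ == "__main__":
    result = triage(ALERT)
    print(f"{result['uri']}: reported {result['reported']}, distinct {result['distinct']}")
    for (field, _, rule_id), g in result["hits"].items():
        print(f"  {field} rule {rule_id} via {'+'.join(g['scopes'])}: {g['plain']}")
```

Run over a mailbox export, the `plain` value and the page in `uri` make it quick to see which alerts come from ordinary profile fields and cookies before deciding how to set the two security settings discussed above.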