News:

SMF 2.1.3 has been released! Take it for a spin! Read more.

Main Menu

password incorrect errors

Started by tempneff, February 01, 2011, 01:15:23 AM

Previous topic - Next topic

butchs

Ah, that is why there is a hit rate test.

Do you have the injection uri string?  If it is safe, want to trade injections via PM?
8)  :P
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Arantor

The URL was http://arantor.org/index.php?action=login2 submitted via POST. Nothing special, nothing suspicious. Requests are 4 to 8 minutes apart, from all different IPs.

My patch was very specific for the scenario generated by this bot.

butchs

Understood, you were looking at a log and were unable to capture the string.  Nevertheless, good work stopping it.

PM will be sent soon.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Arantor

Yes, I was looking at some custom logs, which I'd written myself ;) Which included a lot more than normal, not least all of the contents of $_SERVER, apache_request_headers() and a few other things, though I gave limited logging to others.

Norv

Please see, for further information and options,
Simple Machines Forums attacks

butchs, I appreciate any informations you could give about the specific pattern of the attack on your forum.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

butchs

Pattern of attacks?  I covered all the ones I know with my mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

lethal-danger can you please repost your questions over the Forum Firewall support board before I get into any more trouble with Norv?  His cat looks meaner than mine...   :-\
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Norv

LOL, I can fix that. :D

Though for now, I like it!
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Advertisement: