Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Attempt of hackers

#68057 (In Topic #14483)

Well-settled

43 trials

Solved
Again 10 attacks

What to do?


Last edit: by Beata

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68058

Community saint

….details?
Were the attacks successful? What kind of attacks?

#68059

Well-settled

Brian Hay said

….details?
Were the attacks successful? What kind of attacks?

I have got 12 attacks again

The content is:
 
A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (the software intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistant offender). More information on security is given in the software documentation.

Reason: Tried to post spam links
IP address: 216.118.70.2
Member ID: 1
Username: Guest
User Agent (typically, the web browser): Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01
Referrer: Send image as e-card - Apie mus ir apie juos
Operating System: Windows NT 5.1; U; en
Date and time: 11:35 AM
URL: /ocp/index.php?page=recommend&type=actual&subject=An+e-card+just+for+you+%3B%29&page_title=Send+image+as+e-card&s_message=I+thought+you+might+like+this+e-card%21%0A%0A%5Bimg%5Dhttp%3A%2F%2Fwww.audrone.serveriai.lt%2Focp%2Fuploads%2Fgalleries%2Fzvakes.gif%5B%2Fimg%5D%0A%0AI+found+it+in+a+gallery+on+Apie+mus+ir+apie+juos%2C+here%27s+a+direct+link%3A%0Ahttp%3A%2F%2Fwww.audrone.serveriai.lt%2Focp%2Fsite%2Findex.php%3Fpage%3Dgalleries%26type%3Dmisc%26id%3D2003%26keep_cache%3D0&keep_cache=0&filtered=1

POST data…

Code
wrap_message => 1

MAX_FILE_SIZE => 20480000

comcode__message => 1

name => gaxdzxugbui

require__name => 1

recommender_email_address => nfespy@pwgvts.com

require__recommender_email_address => 1

email_address_0 => nfespy@pwgvts.com

label_for__email_address_0 => Your friend's e-mail address

email_address_1 => nfespy@pwgvts.com

label_for__email_address_1 => Your friend's e-mail address

email_address_2 => nfespy@pwgvts.com

label_for__email_address_2 => Your friend's e-mail address

email_address_3 => nfespy@pwgvts.com

label_for__email_address_3 => Your friend's e-mail address

email_address_4 => nfespy@pwgvts.com

label_for__email_address_4 => Your friend's e-mail address

email_address_5 => nfespy@pwgvts.com

label_for__email_address_5 => Your friend's e-mail address

email_address_6 => nfespy@pwgvts.com

label_for__email_address_6 => Your friend's e-mail address

email_address_7 => nfespy@pwgvts.com

label_for__email_address_7 => Your friend's e-mail address

email_address_8 => nfespy@pwgvts.com

label_for__email_address_8 => Your friend's e-mail address

email_address_9 => nfespy@pwgvts.com

label_for__email_address_9 => Your friend's e-mail address

require__email_address_ => 1

label_for__upload =>    » Upload

require__upload => 0

subject => zPAJAwbAxg

require__subject => 1

label_for__message => Message

message => pIvdKI  <a href="Metasearch Search Engine - Search.com, vxdarunwwyfg, [link=Metasearch Search Engine - Search.com[/link], Metasearch Search Engine - Search.com

message_parsed => pIvdKI  <a href="Metasearch Search Engine - Search.com, vxdarunwwyfg, [link=Metasearch Search Engine - Search.com[/link], Metasearch Search Engine - Search.com

require__message => 0

label_for__security_image => Security image

security_image => WyTWjzMe

require__security_image => 1





If you believe this suspected hack attempt is neither correct nor benign, but rather actually represents a substantial stability problem in the website software, read the information below. Otherwise, do not read on.


Below is a stack trace revealing the state the software was in when the error occurred. If this represents a bug in the unmodified software, you may want to check ocPortal website for a fix, and if there isn't one, report this as a bug. Please note that merely posting a stack trace is not sufficient for us to solve your problem; the stack trace is just an aid that presents us with additional information. We still need to know the error message, what you tried to do, how you tried to do it, version numbers, and any other appropriate information.
We apologise for this problem and if it's a bug we hope you will work with us so that we can fix it for you promptly.

File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/failure.php' Line '370' Function 'get_html_trace' Args
File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/global2.php' Line '933' Function '_log_hack_attack_and_exit' Args
'LAME_SPAM_HACK'

'pIvdKI <a href="Metasearch Search Engine - Search.com">myucogamgujz</a>, vxdarunwwyfg, [link=Metasearch Search Engine - Search.com[/link], Metasearch Search Engine - Search.com'

''


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/input_filter.php' Line '36' Function 'log_hack_attack_and_exit' Args
'LAME_SPAM_HACK'

'pIvdKI <a href="Metasearch Search Engine - Search.com">myucogamgujz</a>, vxdarunwwyfg, [link=Metasearch Search Engine - Search.com[/link], Metasearch Search Engine - Search.com'


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/global2.php' Line '1,351' Function 'check_posted_field' Args
'message'

'pIvdKI <a href="Metasearch Search Engine - Search.com">myucogamgujz</a>, vxdarunwwyfg, [link=Metasearch Search Engine - Search.com[/link], Metasearch Search Engine - Search.com'


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/global2.php' Line '1,245' Function '__param' Args

'message'

false

false

true


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/pages/modules/recommend.php' Line '469' Function 'post_param' Args
'message'


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/pages/modules/recommend.php' Line '97' Function 'actual' Class 'Module_recommend' Type '->' Object Module_recommend::__set_state(array()) Args
File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/zones.php' Line '336' Function 'run' Class 'Module_recommend' Type '->' Object Module_recommend::__set_state(array()) Args
File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/site.php' Line '964' Function 'load_module_page' Args
'pages/modules/recommend.php'

'recommend'


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/sources/site.php' Line '750' Function 'request_page' Args
'recommend'

true


File '/home/audrone/domains/audrone.serveriai.lt/public_html/ocp/index.php' Line '114' Function 'do_site' Args

WHAT DO YOU THINK ABOUT IT, and what should I do?



My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/
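
When notifications like the one posted above keep arriving, tallying them by targeted module shows where Guest access is being abused. This is an added example, not part of the original post and not ocPortal code; it assumes each notification is available as plain text with the logged URL on a single line, and the sample notifications, IP addresses and member name are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Field labels exactly as they appear in the notification quoted in the post.
FIELDS = ("Reason", "IP address", "Username", "URL")


def parse_notification(text):
    """Pull the labelled fields out of one notification body."""
    record = {}
    for label in FIELDS:
        match = re.search(rf"^{re.escape(label)}:[ \t]*(.+)$", text, re.MULTILINE)
        record[label] = match.group(1).strip() if match else None
    # The module that was hit is the 'page' parameter of the logged URL.
    query = parse_qs(urlsplit(record["URL"] or "").query)
    record["module"] = query.get("page", [None])[0]
    return record


def guest_modules_under_attack(notifications, threshold=2):
    """Map module -> (hits, source IPs) for modules hit by Guest >= threshold times."""
    hits, sources = Counter(), {}
    for text in notifications:
        rec = parse_notification(text)
        if rec["Username"] != "Guest" or not rec["module"]:
            continue  # attempts by logged-in members need a different response
        hits[rec["module"]] += 1
        sources.setdefault(rec["module"], set()).add(rec["IP address"])
    return {m: (n, sorted(sources[m])) for m, n in hits.items() if n >= threshold}


def _sample(ip, user, url):
    """Build a constructed notification in the layout shown in the post."""
    return (
        "Reason: Tried to post spam links\n"
        f"IP address: {ip}\n"
        "Member ID: 1\n"
        f"Username: {user}\n"
        "User Agent (typically, the web browser): constructed-agent\n"
        f"URL: {url}\n"
    )


# Constructed sample data (documentation IP range, made-up member name).
SAMPLE = [
    _sample("192.0.2.10", "Guest", "/ocp/index.php?page=recommend&type=actual&filtered=1"),
    _sample("192.0.2.11", "Guest", "/ocp/index.php?page=recommend&type=actual"),
    _sample("192.0.2.10", "Guest", "/ocp/site/index.php?page=galleries&type=misc"),
    _sample("192.0.2.12", "example_member", "/ocp/index.php?page=recommend&type=actual"),
]

if __name__ == "__main__":
    for module, (count, ips) in guest_modules_under_attack(SAMPLE).items():
        print(f"{module}: {count} guest attempts from {', '.join(ips)}")
```

A module that shows up here repeatedly for the Guest user is a candidate for having its Guest view permission reviewed.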

#68060

Well-settled

The website works normally, but I am getting such messages constantly

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68061

Community saint

Hi Beata!

These messages let you know that ocPortal’s security system successfully foiled the hacker’s plan to use the recommend module for subversive advertisements.

Suggest you disable the “Guest” view access of this module in:
Admin Zone–>Security–>Permissions tree editor–>module recommend

#68064

Community saint

I go with Jean's rec., and would add that you disable Guest view to the 'Shoutbox' and 'Chat' module as well. In the past I've had spammers filling up these areas with their garbage, despite having CAPTCHA activated.

 :thumbs:

Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal

#68069

Well-settled

Jean said

Hi Beata!

Suggest you disable the “Guest” view access of this module in:
Admin Zone–>Security–>Permissions tree editor–>module recommend

Hello Jean,
That's great, but

Sorry, I am not very experienced with ocPortal and I can't find "module recommend"

and how to disable it?

P.S. I remember that I did something with "Guest" some time ago while reading some ocPortal tutorials, but what, I don't remember.

I already found "module recommend" in Zone "welcome", but how to disable it?

I DID IT - thanks


Last edit: by Beata

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68070

Well-settled

Fletch said

I go with Jean's rec., and would add that you disable Guest view to the 'Shoutbox' and 'Chat' module as well. In the past I've had spammers filling up these areas with their garbage, despite having CAPTCHA activated.

 :thumbs:

Thank you for the suggestions, I have found the module for chat, it had a red point, but I can't find the shoutbox

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68073

Community saint

Beata said

Thank you for the suggestions, I have found the module for chat, it had a red point, but I can't find the shoutbox

Shoutbox is a 'block' on your side panel.
You could limit the view of it by editing this side panel, disabling WYSIWYG and adding a bit of tempcode around the shoutbox block like this:

Code

{+START,IF,{$NOT,{$IS_GUEST}}}[block]side_shoutbox[/block]
{+END}

This will ensure that only registered members will see the shoutbox on your side panel.

I'm hoping that this will be of some help.
Jean

#68078

Community saint

Beata said

I have found the module for chat, it had a red point, but I can't find the shoutbox

Use Jean's example and keep it safe somewhere for when you want to stop 'some' categories of visitors seeing some of the content in your panels.

I've found from experience that if there is only ONE chat room, it is the default and everything typed in there is reflected in the shoutbox block. Limiting 'Chat' visibility for Guests also limits the visibility of the shoutbox. Jean's advice is much more elegant, though!

Thanks for stepping in there, Jean.

 :thumbs:

Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal

#68080

Well-settled

Thank you both very much for the very quick help and the code.

It's really, now the shoutbox opens when I log in

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68084

Community saint

The link in your signature is broken Beata.

#68090

Community saint

Fletch said

….. and would add that you disable Guest view to the 'Shoutbox' and 'Chat' module as well. In the past I've had spammers filling up these areas with their garbage, despite having CAPTCHA activated.

 :thumbs:

I've fallen victim to the shoutbox spam in the past. Now guests get a nice message stating: '"Guest" does not have access to enter this chatroom.' on the shoutbox block. Been peaceful ever since.

Eric DeMars . com
My electronic portfolio and personal site. Uses ocPortal!

#68091

Well-settled

Brian Hay said

The link in your signature is broken Beata.

Yes, I know
Something has happened with the server
I am waiting…

My other websites:

Lietuvos bajoru karaliskoji sajunga
LIETUVOS GENEALOGIJOS IR HERALDIKOS DRAUGIJA
http://www.genealogija.lt and many others :-)

These are all done with Joomla

P.S. I have changed my signature :-)


Last edit: by Beata

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68092

Community saint

Those are some nice looking, well put together sites. :)

#68093

Well-settled

Thank you :-)

My ocPortal is my trial to get acquainted with a system that is new and interesting for me

I am showing you my URL and want to ask: why are my polls not visible when I am not logged in? It opens in full size only when I log in

I think maybe this is because the day image takes less space than the box size of the polls?

Visiems

Is there a possibility in this forum to make my thread solved? - I can't find how to do it

My trial to learn ocPortal
~~~~~~~~~~~~~~~~~
http://audrone.serveriai.lt/straipsniai/

#68099

Community saint

Beata said

Is there a possibility in this forum to make my thread solved? - I can't find how to do it

Go to the first post in this thread and edit it by adding 'solved' in front of the title …

 :thumbs:

Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal

#68105

Community saint

Brian Hay said

Those are some nice looking, well put together sites.


Indeed, I join with Brian's comment on your sites. Very Nice!

#68200

Community saint

Beata said

Thank you :-)
I am showing you my URL and want to ask: why are my polls not visible when I am not logged in? It opens in full size only when I log in

I think maybe this is because the day image takes less space than the box size of the polls?

Visiems

Hi Beata. I had a similar problem with the polls box not being shown properly. It turned out that the poll uses JavaScript to draw itself, and for security reasons JavaScript is only allowed to access the domain (Web address) where it came from. My site is accessible from both Welcome to the Free Software Society at the University of Sheffield - Sheffield University Free Software Society and Welcome to the Free Software Society at the University of Sheffield - Sheffield University Free Software Society . Notice that one has "www" and the other doesn't. It turns out that the JavaScript on one of those addresses was being denied access to the other, even though they're the same site!

The solution was to make the server redirect the "www" addresses to those without, so that everything was using the same name. I did this by changing the ".htaccess" file for the site, which you can read more about here. I used ocPortal's recommended file and added these lines underneath:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.fss\.union\.shef\.ac\.uk$ [NC]
RewriteRule ^(.*)$ http://fss.union.shef.ac.uk/$1 [R=301,L]


Of course you should change those addresses to your own site's, but make sure to put backslashes in front of the dots on the first line like I have.

Good luck :)
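
The redirect described in the post above can be modelled to show why the two host names count as different origins and what the backslashes before the dots change. This is an added example, not part of the original post; it mimics the posted RewriteCond and RewriteRule with Python's `re` module rather than running Apache, and the host name `wwwxfss.union.shef.ac.uk` is constructed for the comparison.

```python
import re
from urllib.parse import urlsplit

# Pattern from the posted RewriteCond, and the same pattern with the dots unescaped.
ESCAPED = r"^www\.fss\.union\.shef\.ac\.uk$"
UNESCAPED = r"^www.fss.union.shef.ac.uk$"
CANONICAL = "http://fss.union.shef.ac.uk/"


def origin(url):
    """Scheme, host and port: the tuple a browser compares for same-origin checks."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def redirect_for(host, path, cond=ESCAPED):
    """Mimic RewriteCond %{HTTP_HOST} <cond> [NC] with RewriteRule ^(.*)$ ... [R=301,L].

    Returns the Location of the 301 response, or None when the condition fails.
    """
    if re.search(cond, host, re.IGNORECASE):  # [NC] means case-insensitive
        # In .htaccess context the rule sees the path without its leading slash.
        return CANONICAL + path.lstrip("/")
    return None


def effective_origin(url):
    """Origin the browser ends up on once the redirect has been followed."""
    parts = urlsplit(url)
    target = redirect_for(parts.hostname, parts.path)
    return origin(target or url)


if __name__ == "__main__":
    with_www = "http://www.fss.union.shef.ac.uk/site/index.php"
    without = "http://fss.union.shef.ac.uk/site/index.php"
    print("same origin before redirect:", origin(with_www) == origin(without))
    print("same origin after redirect: ", effective_origin(with_www) == effective_origin(without))
    # An unescaped dot matches any character, so an unrelated host name also matches.
    print("escaped pattern:  ", redirect_for("wwwxfss.union.shef.ac.uk", "/"))
    print("unescaped pattern:", redirect_for("wwwxfss.union.shef.ac.uk", "/", UNESCAPED))
```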