Home »
FUDforum Development »
Bug Reports »
Old bug revisited?
Old bug revisited? [message #19009] |
Mon, 21 June 2004 18:39 |
Marticus
Messages: 272 Registered: June 2002
Karma:
|
Senior Member |
|
|
I keep receiving email messages from the forum regarding people who have attempted to register for accounts. The admin interface shows similar details to this:
Login: Lancer
E-mail: postmaster(at)blahblahpornsite(dot)com
Name: Lancer
Gender: Unspecified
IP Address: 0.0.0.0
So, I check the apache access logs and find this:
213.24.168.11 - - [21/Jun/2004:08:15:05 -0400] "POST /index.php?t=register HTTP/1.1" 200 401
213.24.168.11 - - [21/Jun/2004:08:15:33 -0400] "POST /index.php?t=register HTTP/1.1" 302 5
213.24.168.11 - - [21/Jun/2004:08:15:34 -0400] "GET /index.php?S=a47613fcf266fc74697dc821ee037bed HTTP/1.1" 200 13579
213.24.168.11 - - [21/Jun/2004:08:15:35 -0400] "GET /lib.js HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:15:36 -0400] "GET /theme/default/forum.css HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:16:12 -0400] "GET /index.php?t=emailconf&conf_key=3da4fc9af93e6a45b2ba8f86e0336008 HTTP/1.1" 302 5
213.24.168.11 - - [21/Jun/2004:08:16:13 -0400] "GET /index.php?t=index& HTTP/1.1" 200 13579
213.24.168.11 - - [21/Jun/2004:08:16:14 -0400] "GET /lib.js HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:16:15 -0400] "GET /theme/default/forum.css HTTP/1.1" 304 -
I found one reference to these log entries in your search:
http://fudforum.org/forum/index.php?t=msg&goto=2553&
Is there an exploint in fud? Will I need to use mod rewrite to block this type of attack?
-Marticus
|
|
|
Goto Forum:
Current Time: Thu Nov 07 11:25:38 GMT 2024
Total time taken to generate the page: 0.05017 seconds