log in | register | forums
Show:
Go:
Forums
Username:

Password:

User accounts
Register new account
Forgot password
Forum stats
List of members
Search the forums

Advanced search
Recent discussions
- Elsear brings super-fast Networking to Risc PC/A7000/A7000+ (News:)
- Latest hardware upgrade from RISCOSbits (News:)
- WROCC November 2024 talk o...ay - Andrew Rawnsley (ROD) (News:3)
- Accessing old floppy disks (Gen:3)
- November developer 'fireside' chat on saturday night (News:)
- RISCOSbits releases a new laptop solution (News:4)
- Announcing the TIB 2024 Advent Calendar (News:2)
- RISC OS London Show Report 2024 (News:1)
- Code GCC produces that makes you cry #12684 (Prog:39)
- Rougol November 2024 meeting on monday (News:)
Latest postings RSS Feeds
RSS 2.0 | 1.0 | 0.9
Atom 0.3
Misc RDF | CDF
 
View on Mastodon
@www.iconbar.com@rss-parrot.net
Site Search
 
Article archives
The Icon Bar: Site Comments: Can you get banned from Iconbar by clicking on one a link?
 
  Can you get banned from Iconbar by clicking on one a link?
  (13:58 15/6/2002)
  rich (09:08 6/7/2001)
    _tymaja_ (13:58 15/6/2002)
  rich (13:58 15/6/2002)
 
rich Message #5743, posted at 09:08, 6/7/2001, in reply to message #5742
Unregistered user Stop clicking on obviously dodgy URLs and you won't see things like this. Sheesh.

Use a bit of common sense - if you start poking around in the internals of the site and start seeing URLs with "attack_attempt" in them, DON'T CLICK ON THEM, and certainly don't go around publicising the URL (do you know how many times a day these pages get spidered by search engines?!?). Someone had tried running an WinNT/IIS attack on this Linux/Apache server, so I reconfigured the error CGI to block the IPs of these attackers just in case they try something else. Of course I had to test it.

In answer to your question, no-one gets banned from TIB. If you read it carefully you'll see that web pages are still available, it just closes all other services just in case they run some other, possibly more successful, attack.

The obvious answer is to stop people looking at the stats full stop.

  ^[ Log in to reply ]
 
_tymaja_ Message #5742, posted at 13:58, 15/6/2002
Unregistered user I was just browsing through the usage lists, and, on page:

[the stats page - ed.]

and [snip - ed.] I found the following link :

[snip obviously dodgy URL with the words "attack_attempt" and "LOG_THIS" in it]

I clicked on it, and found a page obviously designed for someone who was trying to hack the site, saying that my IP has been blocked from all but web access, that the sysadmin has been notified, and that the host of this machine will be notified.

My question for the server admin is :

- does your server do all of the above (banning etc), and then redirect the user to that above page? (which means that I haven't been unfairly banned etc)
- or, does your server redirect them to the above page, and, when someone loads up that page, ban them, notify the sysadmin etc? (which means I would have been unfairly banned etc).

Hopefully it is the first, and not the second smile. If it is the second, I would suggest a modification in the script to remove this URL from the usage history smile

Thanks,

Matt

monkey

  ^[ Log in to reply ]
 
rich Message #5744, posted at 13:58, 15/6/2002, in reply to message #5742
Unregistered user Bah, the first time I've had to modify the content of someone else's posting. A distasteful experience. unhappy
  ^[ Log in to reply ]
 
_tymaja_ Message #5745, posted at 13:58, 15/6/2002, in reply to message #5743
Unregistered user >
Stop clicking on obviously dodgy URLs and you won't see things like this. >Sheesh.

It was an interesting URL, and it was displayed on a public page, and purposely made an active link, for the purposes of clicking it.

>Use a bit of common sense - if you start poking around in the internals
>of the site

It's not really the internals of this site, the URL, which I won't write up, which I found on a public posting elsewhere, from one of the webmasters, is extremely simple. It is very polished, designed for public viewing. It's not exactly a text page with raw stats... It has computer generated graphs, all nicely explained for the public.

>and start seeing URLs with "attack_attempt" in them, DON'T CLICK
>ON THEM

I assumed it was a news article about some kind of attack attempt, maybe about argonet, or 'The Iconbar' itself. It was an active link, and publicised for clicking, on a public page.

>and certainly don't go around publicising the URL (do you know how
>many times a day these pages get spidered by search engines?!?).

Publicising the URL would be to post it on CSA.* or something. And, that's not the kind of thing that I would do anyway.

>Someone had tried running an WinNT/IIS attack on this Linux/Apache
>server, so I reconfigured the error CGI to block the IPs of these attackers
>just in case they try something else. Of course I had to test it.

I completely agree with you here! smile

>In answer to your question, no-one gets banned from TIB. If you read it
>carefully you'll see that web pages are still available, it just closes all
>other services just in case they run some other, possibly more successful, attack.

I know that, I was just wondering whether I had been 'limited' by viewing that page, or whether the script limited the user, *then* directed them to this page. I didn't really want the host of this computer getting a message saying I was trying to crack your machine, you see.

>The obvious answer is to stop people looking at the stats full stop.

If you click on the 'staff only' forum it asks for your login, and then only lets you in if you are a member of staff. This login could also be applied to the stats page.

Or, there could just be a few lines in the stats generating script which finds the offending actively linked URL, and replaces it with a plain text saying [WinNT/IIS attack attempts].

Matt

  ^[ Log in to reply ]
 

The Icon Bar: Site Comments: Can you get banned from Iconbar by clicking on one a link?