idiot

Posted: Thu Oct 07, 2004 8:54 am
by Red Squirrel
Some guy trying to gain unauthorized access to the site.

24.17.127.109 - - [21/Sep/2004:22:27:02] "http://www.iceteks.com/forums/archive/f/16/" (http://64.233.167.104/search?q=cache:dT0yi2s-YvoJ:www.iceteks.com/forums/archive/t/1637/+%22program+e%22+undefined&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:05] "http://www.iceteks.com/forums/archive/" (http://www.iceteks.com/forums/archive/f/16/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:06] "http://www.iceteks.com/forums/" (http://www.iceteks.com/forums/archive/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:12] "http://www.iceteks.com/forums/index.php?&act=Members" (http://www.iceteks.com/forums/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:15] "http://www.iceteks.com/forums/index.php?&act=Search&f=" (http://www.iceteks.com/forums/index.php?&act=Members) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:20] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:29] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:32] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [24/Sep/2004:18:26:50] "http://iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [24/Sep/2004:18:27:01] "http://iceteks.com/tools/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 1
24.17.127.109 - - [03/Oct/2004:18:21:54] "http://www.iceteks.com/forums/index.php?showtopic=2549&" (http://216.239.57.104/search?q=cache:_Ww6j-nn3rwJ:www.iceteks.com/forums/archive/t/2549/+icetekslogs.php&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:06] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:21] "http://scada.iceteks.com/index.php?act=viewlogs&act2=show" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:59] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:03] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:14] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:41] "http://scada.iceteks.com/index.php?setoverride=1" (http://66.102.7.104/search?q=cache:KTBUUuh_hxUJ:scada.iceteks.com/+%22scada.iceteks.%2Bcom/%22&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:22:35] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [06/Oct/2004:00:08:45] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [07/Oct/2004:01:51:39] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:04:58] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:07:19] "http://www.iceteks.com/omgwtfbbq.+i've+been+banned+from+a+site+i+never+visit.+big+deal.+and+i+didn't+search+for+it.+your+log+viewer+passes+html+in+user+agents.+look+at+mine+;)" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:11:12] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:13:08] "http://www.iceteks.com/news/pictures/pic_21704finalproduct.jpg" (http://64.233.167.104/search?q=cache:GPw3_KW98N4J:forum.grid.org/phpBB/viewtopic.php%3Ft%3D14178+red+squirrel+iceteks&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:25:39] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:35:56] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:36:15] "http://www.iceteks.com/" () - - <script> tag, right here --> <script<alert("OMG PWN3D RIGHT BACK TO YOU. look. i didn't mean to cause trouble.
your script doesn't escape html when parsing user agents. i have an image tag in my user agent pointing to a script of mine.
i noticed a hit with a referrer of your script, and went to check it out.
nice security system, though. i could have stolen your cookies with this. better fix your script.
if you want to talk, iceteks@gotdoof.com");</script<<-- Channel: 2
24.17.127.109 - - [08/Oct/2004:01:09:05] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [08/Oct/2004:17:52:10] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [08/Oct/2004:20:42:38] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [08/Oct/2004:20:43:17] "http://www.iceteks.com/" (http://www.iceteks.com/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [08/Oct/2004:20:43:18] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [09/Oct/2004:17:45:02] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2

Channels: 0 = normal log, 1 = error log, 2 = access denied

Basically he got blocked automatically upon the second entry since he tried to log in to the scada control panel. Sad part is, he left the username and password field blank!

Notice how he attempts to use Google's cache to hack. :roflmao2:   N00B


- updated log! - 

Archived topic from Iceteks, old topic ID:2731, old post ID:22276

idiot

Posted: Thu Oct 07, 2004 9:04 am
by Fuzzy_Fox
Those logs tell me nothing. I'm probably worse than a noob :cry: . ....but then again, it's not like I'm a hacker, or I want to hack, so all is well :) .

Archived topic from Iceteks, old topic ID:2731, old post ID:22277

idiot

Posted: Thu Oct 07, 2004 9:12 am
by Red Squirrel
Actually the logs look more complicated because of the word wrap. But I noticed a bug in my security script, well a very small one. When a rule matches, the number of matches is supposed to increment but it does not, I'll have to look at that when I feel better. But the security part is working fine. ;)

Anyone who would gain unauthorized access to that control panel could do some nasty stuff, such as turn logging off and screw up my stat accuracy. :o Or worse yet, he could change the password. :o (which would take 30 seconds to change back with FTP access).

But I'll keep logging his access since if he keeps trying I'll contact Comcast (his ISP).

Archived topic from Iceteks, old topic ID:2731, old post ID:22279

idiot

Posted: Thu Oct 07, 2004 4:16 pm
by Death
That'll teach him to try to hack into places where he doesn't belong :P . Even funnier would be if he went to jail for that. He'd probably kick himself if that ever happened :rolleyes:

Archived topic from Iceteks, old topic ID:2731, old post ID:22287

idiot

Posted: Thu Oct 07, 2004 4:53 pm
by rovingcowboy
hey i was going by google one time and got stuck trying to get in to this forum? no matter what i did it would not let me in?
i even tried to get to the control panel still it did not work.

:banghead:

I guess i will just have to keep logging in to post :D

:blink: :handintest: :banana: :banana: :stir the pot: :stir the pot:

really it was not me red. i also got lost in that log like fuzzy fox did

still this seems like somebody we might know red you think they started up again on a different isp thinking you would not know them.?

:bsod: enough said you should know what i mean red. :awesome:

B b f
u e e
t....w


:stir the pot:

Archived topic from Iceteks, old topic ID:2731, old post ID:22290

idiot

Posted: Thu Oct 07, 2004 5:07 pm
by Red Squirrel
I know exactly where they're from. ;) PC *cough* and A

Archived topic from Iceteks, old topic ID:2731, old post ID:22293

idiot

Posted: Fri Oct 08, 2004 3:21 pm
by Red Squirrel
well well well....

This guy is really asking for some. He put a string in his user agent to make it do a popup when I check my logs. VERY easy to do.

But in the message he threatened that he can steal my cookies and gain access to the system. Well what he does not know is that I don't check the logs online but on my lan server, so if he does get cookies he'll get my LAN server ones... big deal.

So this guy is going DOWN. I'll contact his ISP about it if he continues, and with the logs, I'm sure he may get his account suspended or what not.

If not, I'll just crash his system from here. But I'll pick the legal route first. Only problem is that he'll just use a different isp and I'll have to track him down again.

The security system is fairly old, but still fairly strong, but I've been planning to rebuild it to be even stronger, and this might have changed those plans to umm, now. :D

Nonetheless, I will make sure nothing bad happens to the site. Even if he would happen to log on that system, big deal, the only thing he can do with that system is delete IP rules, create them etc.... that may be an inconvenience for me, but big deal, he can't even change anything on the site that way.

But main thing is, he's asking for it, and he's going to get it.

:N2 attack:

Archived topic from Iceteks, old topic ID:2731, old post ID:22319
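
The log viewer problem described in this thread (HTML in a User-Agent being rendered as markup when the logs are viewed), shown as an added example that is not part of the original posts or the site's own code. It parses the log layout seen in the first post, flags records whose client-controlled fields contain markup, and escapes every field before building the HTML row; the sample records, addresses and host names are constructed.

```python
import html
import re

# Log layout used in this thread:
#   IP - - [timestamp] "URL" (referrer) - - user-agent Channel: N
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<url>[^"]*)" '
    r'\((?P<ref>.*?)\) - - (?P<ua>.*) Channel: (?P<chan>\d+)$',
    re.DOTALL,
)
# Channel meanings as given in the first post.
CHANNELS = {"0": "normal log", "1": "error log", "2": "access denied"}
# Fields the client controls; all of them reach the viewer as text.
CLIENT_FIELDS = ("url", "ref", "ua")

# Constructed sample records (documentation addresses and hosts, not from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00] "http://example.com/" () - - '
    'Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0 Channel: 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:05] "http://example.com/" () - - '
    'Mozilla/5.0 (X11; probe<img src=http://collector.invalid/hit '
    'style=display:none>) Firefox/120.0 Channel: 2',
    '192.0.2.10 - - [01/Jan/2024:10:00:09] "http://example.com/" () - - '
    '<script>alert("x")</script> Channel: 2',
]

def parse_line(line):
    """Split one record into named fields, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def has_markup(rec):
    """True when a client-controlled field contains '<' or '>'."""
    return any(re.search(r"[<>]", rec[f]) for f in CLIENT_FIELDS)

def render_row(rec):
    """Build one HTML table row with every field escaped before output."""
    cells = [rec["ip"], rec["ts"], rec["url"], rec["ref"], rec["ua"],
             CHANNELS.get(rec["chan"], rec["chan"])]
    return "<tr>" + "".join(
        "<td>" + html.escape(c, quote=True) + "</td>" for c in cells) + "</tr>"

def review(lines):
    """Return (escaped rows, records flagged for markup in client fields)."""
    rows, flagged = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Unparsed lines are still shown, but escaped as a whole.
            rows.append('<tr><td colspan="6">' + html.escape(line) + "</td></tr>")
            continue
        if has_markup(rec):
            flagged.append(rec)
        rows.append(render_row(rec))
    return rows, flagged

if __name__ == "__main__":
    rows, flagged = review(SAMPLE_LOG)
    print("\n".join(rows))
    print("flagged:", [(r["ts"], r["ua"]) for r in flagged])
```

Escaping at output time is what stops the markup from running; the flag list is only a triage aid, since a viewer that escapes correctly is safe whether or not a record was flagged.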

idiot

Posted: Fri Oct 08, 2004 6:36 pm
by Red Squirrel
Just for fun I'll let him on for a bit, he'll probably come here and post something nasty. That way I'll have more data to send to Comcast, his ISP. :D

Archived topic from Iceteks, old topic ID:2731, old post ID:22322

idiot

Posted: Fri Oct 08, 2004 9:23 pm
by Fuzzy_Fox
And you're posting your maniacal plans for him publicly, who's the idiot now :P .

Archived topic from Iceteks, old topic ID:2731, old post ID:22326

idiot

Posted: Fri Oct 08, 2004 9:38 pm
by Death
It's all just to get the guy fired up. Squirrel's got him in checkmate now. If he tries to post anything, Squirrel's only got more evidence of bad conduct to give to the authorities. If that guy were smart, he'd disappear without doing anything. Everything can and probably WILL be traced. Then he'll end up in a lot of trouble :P

Archived topic from Iceteks, old topic ID:2731, old post ID:22327

idiot

Posted: Fri Oct 08, 2004 9:38 pm
by Red Squirrel
Just testing his stupidity. :P If he'll actually fall for it. Or perhaps he's so dumb that he's not even viewing this with a proxy.

But as you can see, I'm not too concerned about the situation... :lol:

Image


Archived topic from Iceteks, old topic ID:2731, old post ID:22328

idiot

Posted: Fri Oct 08, 2004 9:41 pm
by Death
Looks like Red's got the "Security munchies". Acting just like the Timmins police officers eh? Hehehehe. Well, if he IS dumb enough, he'll fall into this trap and do something that can easily be traced (Like a post :P). Then he'll be in trouble. BWAHAHA

Archived topic from Iceteks, old topic ID:2731, old post ID:22331

idiot

Posted: Fri Oct 08, 2004 9:50 pm
by Death
Wow, is that TWO powerbars? Tsk tsk, I hope they're surge protected. :P. Nice case by the way. Love the blue LED fans ;).

Archived topic from Iceteks, old topic ID:2731, old post ID:22333

idiot

Posted: Fri Oct 08, 2004 9:54 pm
by Red Squirrel
Yep 2 power bars, and a UPS. Safety is high too. Both power bars are surge protected, and are plugged into a UPS, which also is surge protected. :lol:

Same with downstairs, I have a similar setup. Almost everything is double surge protected. If I wanted to I'd plug multiple UPSes in each other, though I'm not sure how good that is, since cheap UPSes don't produce a real sine wave, so it would maybe affect the ups plugged into it.

Basically, when the power goes out here, you hear lot of beeping. Almost as bad as that newer bus we went into a few weeks ago. :D

Archived topic from Iceteks, old topic ID:2731, old post ID:22334

idiot

Posted: Fri Oct 08, 2004 9:57 pm
by Death
LOL. Ya, those beeping buses :rolleyes: . Hehehe, ya, UPS rocks. Gotta love the fact that you can still use your computer when the power goes out. :biglaugh:

Archived topic from Iceteks, old topic ID:2731, old post ID:22336

idiot

Posted: Fri Oct 08, 2004 9:59 pm
by Red Squirrel
Yep, I even have the network downstairs plugged into the UPS, though I did not bother to plug in the modem. Since a router, 2 computers is quite an overload (when I checked I had like 5 watts left). Basically enough power so I can remotely shut down both machines from up here, then shut this one.

Archived topic from Iceteks, old topic ID:2731, old post ID:22337

idiot

Posted: Fri Oct 08, 2004 10:07 pm
by Death
Ya, I'll bet that must suck up the battery juice like nothing. But all you really need is 5 minutes to save and get out!

Archived topic from Iceteks, old topic ID:2731, old post ID:22340

idiot

Posted: Fri Oct 08, 2004 10:45 pm
by Red Squirrel
I heard a myth that the average life of a UPS battery is like 2 years but the one I have upstairs is approaching that, if older, and so far no problems. UPSes usually have VRLA batteries which, as long as not deep cycled too much, can last virtually for ever. If ever it goes kaput I'll get a car battery as replacement, since a PSU battery is too expensive.

Archived topic from Iceteks, old topic ID:2731, old post ID:22346

idiot

Posted: Fri Oct 08, 2004 10:51 pm
by Death
Ya. Some UPS batteries have lifetime warranties on them (Which really ISN'T lifetime, more like 5 years). I forget which ones, but I always kind of wondered how they handle that stuff. When somebody brings it in, do they actually fix it up or give them a new one? Or do they pay them in cash. Heck, I think they don't even do anything about it (Which would suck).

Archived topic from Iceteks, old topic ID:2731, old post ID:22349

idiot

Posted: Fri Oct 08, 2004 11:08 pm
by Red Squirrel
Wow, we sure did a good job at derailing this thread. :lol:

It's always fun to do that. Too much security talk gives the guy attention anyway. ;)

Archived topic from Iceteks, old topic ID:2731, old post ID:22352

idiot

Posted: Sat Oct 09, 2004 11:40 am
by Fuzzy_Fox
I hate to go off topic after all that, but.....those beeping buses annoy the heck out of me! :banghead:

Archived topic from Iceteks, old topic ID:2731, old post ID:22366

idiot

Posted: Sat Oct 09, 2004 12:39 pm
by Red Squirrel
haha yeah, I don't get why they made them like that, like what's the point? lol. Whenever it turns it beeps, whenever the door opens etc.... lol

Archived topic from Iceteks, old topic ID:2731, old post ID:22367

idiot

Posted: Sat Oct 09, 2004 12:46 pm
by Triple6_wild
in an effort to throw this train back on the rails i think i will post lol

im curious to know how far buddy will get if we just leave him be lmao

Archived topic from Iceteks, old topic ID:2731, old post ID:22369

idiot

Posted: Sat Oct 09, 2004 12:59 pm
by Red Squirrel
He might just post something nasty, that's as far as he can really go, unless there's a bad security issue somewhere else which I doubt. He would probably attempt to post stuff on the home page, but I have to validate it before it goes on, anyway.

Oh and he did get on when he had full access, all he did was refresh the page a few times for some odd reason then left. Over night he did not even try again. :huh:

Not sure what he wants, really.

Archived topic from Iceteks, old topic ID:2731, old post ID:22371

idiot

Posted: Sat Oct 09, 2004 7:03 pm
by Andy
I like the message

omg wtf bbq. i've been banned from a site i never visit. big deal. and i didn't search for it. your log viewer passes html in user agents. look at mine;)

Archived topic from Iceteks, old topic ID:2731, old post ID:22378