This IP is denied in .htaccess and it is STILL getting through! - GoFuckYourself.com

Plat · 03-14-2002, 02:01 PM

How on earth is this IP 193.136.33.209 that is being denied right now using .htaccess executing my php script that is protected by the .htaccess deny file?

I have looked everywhere for an answer and cant seem to find one anywhere..hopefully someone on here will know.

ServerGenius · 03-14-2002, 02:27 PM

start by posting your .htaccess file....if you don't want to:
replace the IP you want to ban with your own IP and test if
it works....

DynaMite

Plat · 03-14-2002, 02:50 PM

PLAT DOES NOT HAVE AN ATTITUDE!!!! just trying to get an answer from this wacked out board! :c)

Marco · 03-14-2002, 03:03 PM

Put this in your .htaccess file and see if he still he gets through.

deny from 193.136.33.0/24

Marco
[email protected]
ICQ 29151164

RK · 03-14-2002, 03:21 PM

Quote:

Originally posted by Plat
How is this IP (user) wahtever the fuck it is still accessing my site?

How do you know that IP is still accessing your site?

ServerGenius · 03-14-2002, 03:21 PM

If you know what you are doing then why doesn't it work and do you ask?

DynaMite

railz · 03-14-2002, 03:25 PM

Quote:

Originally posted by Marco
Put this in your .htaccess file and see if he still he gets through.

deny from 193.136.33.0/24

Marco
[email protected]
ICQ 29151164

Just for information, what's the /24 for?

ServerGenius · 03-14-2002, 03:28 PM

/24 is a C-class of IP addresses....it means everything from:
123.123.123.0 until 123.123.123.255

DynaMite

Ludedude · 03-14-2002, 03:28 PM

/24 is used in classless interdomain routing (CIDR) as a way to work with blocks of IP's irrespective of the old method of fixed classes and subnets. CIDR allows a lot more flexibility in assigning IP's from a block rather than in fixed chunks of 255 addresses at a time.

In this case, it's just a different way to block the entire block from 193.196.33.0 to 193.196.33.255

Worth a try.

Plat · 03-14-2002, 03:29 PM

Ok look.

Im running a php file that redirects to c.cgi. I can see its still coming through by looking in my UCJ logs. I have renamed c.cgi to something else just in case it was coming in directly through c.cgi. It's a pronbot that is messing up my UCJ stats. Setting .htaccess deny will not work if the user comes directly in through a c.cgi link thats why I made the php file cause the .htaccess will deny that php file from being used. Tested by me for me using my IP and some friends did the same. All came out "forbidden" as it should. Now how is this one IP getting through and wreaking havoc still? IP Spoofing maybe? Thats the ONLY thing i can find by searching google but still it doesnt give a good enough explanation so i'm not positive.

DynaSpain:

Quote:

If you know what you are doing then why doesn't it work and do you ask?

GoFuckYourself! kthx

Smegma · 03-14-2002, 03:34 PM

Quote:

Originally posted by Plat
man i know wtf im doing. ive tested with my own IP... ive done literally all I can think of. How is this IP (user) wahtever the fuck it is still accessing my site?

this board is useless i swear! only topics that ever get read are the retarded ones that have nothing to do with the adult industry.

With your fucking attitude.. I'm amazed anyone helped you.

Go Fuck Yourself and the horse you rode in on!

Plat · 03-14-2002, 03:37 PM

where did u quote that from? thats a fake quote!... liez

railz · 03-14-2002, 03:42 PM

Wow - you learn something new every day.

So for a totally "effecitve" block, you could use

deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx/24

Assuming it's a class C of course.

ServerGenius · 03-14-2002, 03:43 PM

I was willing to help....not anymore...first you post a problem
without any info...then you claim that you're allmighty and know it all......post again with info and wine you don't understand....

/etc/rc.d/init.d/apache stop <---my advice I'll guarantee it works! Even with IP spoofing dickhead!

DynaMite

Plat · 03-14-2002, 03:47 PM

kk im sorry i apologize for being so rude.

its been a long fucking day, im tired, want to go to sleep but no gotta find out how to fix this crap guy for good. and anyone who follows him.

Now what is this here? /etc/rc.d/init.d/apache or are u just mad and tryin to get me to crash my server or something? :c)

ServerGenius · 03-14-2002, 04:04 PM

/etc/rc.d/init.d/apache stop will stop your webserver....it will stop the attack but it's not what you are looking for.

THe IP range belongs to an university in Portugal
193.136.32.0 - 193.136.39.255 Try first blocking those nets.
It are leaching students only that you will block.

Their router blocks IMCP traffic so you can't ping/trace any
ip within that block. If you have access to IP chains of IP tables
block that range in there that's a lot better...then having your webserver to deal with it.

DynaMite

AdultWire · 03-14-2002, 04:11 PM

Your first mistake was thinking you knew what you were talking about. It doesn't matter how a user comes in. Put the .htaccess in the directory with the content you wish to protect. Read this 10 times before you come back in here being soooo right again.

Plat · 03-14-2002, 04:17 PM

Quote:

Originally posted by AdultWire
Your first mistake was thinking you knew what you were talking about. It doesn't matter how a user comes in. Put the .htaccess in the directory with the content you wish to protect. Read this 10 times before you come back in here being soooo right again.

AdultWire damnit man dont make me go crazy again and blow a gasket or something!

Yes I know .htaccess will deny an IP from viewing a directory..yes yes that is true that is like noobie talk. Ive been here forever and never seen this type of thing before happen k? Just because I am not mr. l33t poster with 2000 gfy posts does not mean im a fucking retard with no skills.

Plat · 03-14-2002, 04:19 PM

Quote:

Originally posted by DynaSpain

Their router blocks IMCP traffic so you can't ping/trace any
ip within that block. If you have access to IP chains of IP tables
block that range in there that's a lot better...then having your webserver to deal with it.

DynaMite

Wow because I did try to ping the IP address and it came up not returning some TTL.

So if I block out the entire range it should knock them out?
Still its weird that one IP getting through... and no other IP's withing that small range showing.

ServerGenius · 03-14-2002, 04:32 PM

if that IP is a firewall all traffic from behind that ip can appear to come from that IP....it all depends on their setup.

I did a traceroute on that IP it stops with a router from that another class within that netblock...I looked up the netblock
at the ripe whois database....

it can be a firewall, a proxy, or just a host....all I can see is that either a router or firewall is dropping ICMP traffic that's why you get the expire ttl message....

Blocking that whole netblock would be my first try if I would not
have access to ipchains

DynaMite

ServerGenius · 03-14-2002, 04:39 PM

Afterall it's not that hard using php to force fake headers for a http request.....

DynaMite

ServerGenius · 03-14-2002, 05:01 PM

I assume you have it solved....I can go to bed now

DynaMite

Plat · 03-14-2002, 05:41 PM

Yes I read about sending fake headers and am trying figure out the proper code. Anyone know the PHP code for this?

Maybe i am just a poon and this is forcing a fake header but I doubt it.

My current php file looks like this

<?php

Header("Location:http://www.domain.com/cgi-bin/ucj/c.cgi?url=$url&link=$link&p=$p");
exit;

?>

TheFLY · 03-14-2002, 06:48 PM

I like this thread ;) let us know if you were finally able to stop this IP!

Za Ha · 03-14-2002, 09:39 PM

Hey Plat do you ever write back on icq?

61294953

ServerGenius · 03-15-2002, 12:33 AM

I just woke up again.....did you solve it?

DynaMite

Plat · 03-15-2002, 09:54 AM

shit he's back again 193.136.33.209

I even tried the 193.136.33.0/24 method that is in .htaccess right as I speak. Still no go.

How do I force headers using php?

ServerGenius · 03-15-2002, 10:12 AM

193.136.32.0 - 193.136.39.255 deny all those nets

deny from 193.136.32.0/24
deny from 193.136.33.0/24
deny from 193.136.34.0/24
deny from 193.136.35.0/24
deny from 193.136.36.0/24

Then you have that whole netblock banned...that will work!

DynaMite

Plat · 03-15-2002, 11:23 AM

K this is freaky.. im denying all those netblocks and it is still getting through!!!

03-14-2002, 02:01 PM	#1
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	This IP is denied in .htaccess and it is STILL getting through! How on earth is this IP 193.136.33.209 that is being denied right now using .htaccess executing my php script that is protected by the .htaccess deny file? I have looked everywhere for an answer and cant seem to find one anywhere..hopefully someone on here will know. __________________ Im fuckin retired

03-14-2002, 02:27 PM	#2
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	start by posting your .htaccess file....if you don't want to: replace the IP you want to ban with your own IP and test if it works.... DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 02:50 PM	#3
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	PLAT DOES NOT HAVE AN ATTITUDE!!!! just trying to get an answer from this wacked out board! :c) __________________ Im fuckin retired Last edited by Plat; 03-14-2002 at 03:36 PM..

03-14-2002, 03:03 PM	#4
Marco Registered User Join Date: Nov 2001 Location: www.codialer.com Posts: 26	Put this in your .htaccess file and see if he still he gets through. deny from 193.136.33.0/24 Marco [email protected] ICQ 29151164 __________________ CoDialer Paying up to $1.00 per minute, 240 countries supported and bi-weekly payments!

03-14-2002, 03:21 PM	#6
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	If you know what you are doing then why doesn't it work and do you ask? DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 03:28 PM	#8
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	/24 is a C-class of IP addresses....it means everything from: 123.123.123.0 until 123.123.123.255 DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 03:28 PM	#9
Ludedude Suck it! Industry Role: Join Date: Jun 2001 Location: Who wants to know? Posts: 4,432	/24 is used in classless interdomain routing (CIDR) as a way to work with blocks of IP's irrespective of the old method of fixed classes and subnets. CIDR allows a lot more flexibility in assigning IP's from a block rather than in fixed chunks of 255 addresses at a time. In this case, it's just a different way to block the entire block from 193.196.33.0 to 193.196.33.255 Worth a try. __________________

03-14-2002, 03:37 PM	#12
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	where did u quote that from? thats a fake quote!... liez __________________ Im fuckin retired

03-14-2002, 03:42 PM	#13
railz Confirmed User Join Date: Nov 2001 Posts: 2,531	Wow - you learn something new every day. So for a totally "effecitve" block, you could use deny from xxx.xxx.xxx.xxx deny from xxx.xxx.xxx deny from xxx.xxx.xxx.xxx/24 Assuming it's a class C of course. __________________ This Space for Rent

03-14-2002, 03:43 PM	#14
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	I was willing to help....not anymore...first you post a problem without any info...then you claim that you're allmighty and know it all......post again with info and wine you don't understand.... /etc/rc.d/init.d/apache stop <---my advice I'll guarantee it works! Even with IP spoofing dickhead! DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \| Last edited by ServerGenius; 03-14-2002 at 03:45 PM..

03-14-2002, 03:47 PM	#15
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	kk im sorry i apologize for being so rude. its been a long fucking day, im tired, want to go to sleep but no gotta find out how to fix this crap guy for good. and anyone who follows him. Now what is this here? /etc/rc.d/init.d/apache or are u just mad and tryin to get me to crash my server or something? :c) __________________ Im fuckin retired

03-14-2002, 04:04 PM	#16
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	/etc/rc.d/init.d/apache stop will stop your webserver....it will stop the attack but it's not what you are looking for. THe IP range belongs to an university in Portugal 193.136.32.0 - 193.136.39.255 Try first blocking those nets. It are leaching students only that you will block. Their router blocks IMCP traffic so you can't ping/trace any ip within that block. If you have access to IP chains of IP tables block that range in there that's a lot better...then having your webserver to deal with it. DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 04:11 PM	#17
AdultWire Confirmed User Join Date: Feb 2002 Location: Toronto, ON Posts: 962	Your first mistake was thinking you knew what you were talking about. It doesn't matter how a user comes in. Put the .htaccess in the directory with the content you wish to protect. Read this 10 times before you come back in here being soooo right again. __________________ SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

03-14-2002, 04:32 PM	#20
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	if that IP is a firewall all traffic from behind that ip can appear to come from that IP....it all depends on their setup. I did a traceroute on that IP it stops with a router from that another class within that netblock...I looked up the netblock at the ripe whois database.... it can be a firewall, a proxy, or just a host....all I can see is that either a router or firewall is dropping ICMP traffic that's why you get the expire ttl message.... Blocking that whole netblock would be my first try if I would not have access to ipchains DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 04:39 PM	#21
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	Afterall it's not that hard using php to force fake headers for a http request..... DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 05:01 PM	#22
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	I assume you have it solved....I can go to bed now DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-14-2002, 05:41 PM	#23
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	Yes I read about sending fake headers and am trying figure out the proper code. Anyone know the PHP code for this? Maybe i am just a poon and this is forcing a fake header but I doubt it. My current php file looks like this <?php Header("Location:http://www.domain.com/cgi-bin/ucj/c.cgi?url=$url&link=$link&p=$p"); exit; ?> __________________ Im fuckin retired Last edited by Plat; 03-14-2002 at 05:52 PM..

03-14-2002, 06:48 PM	#24
TheFLY So Fucking Banned Join Date: Jan 2001 Location: http://www.thefly.net/ --- Quit your job and live off steady traffic. Posts: 11,856	I like this thread ;) let us know if you were finally able to stop this IP!

03-14-2002, 09:39 PM	#25
Za Ha Confirmed User Join Date: Oct 2001 Location: Still lost Posts: 5,112	Hey Plat do you ever write back on icq? 61294953

03-15-2002, 12:33 AM	#26
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	I just woke up again.....did you solve it? DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-15-2002, 09:54 AM	#27
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	shit he's back again 193.136.33.209 I even tried the 193.136.33.0/24 method that is in .htaccess right as I speak. Still no go. How do I force headers using php? __________________ Im fuckin retired

03-15-2002, 10:12 AM	#28
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	193.136.32.0 - 193.136.39.255 deny all those nets deny from 193.136.32.0/24 deny from 193.136.33.0/24 deny from 193.136.34.0/24 deny from 193.136.35.0/24 deny from 193.136.36.0/24 Then you have that whole netblock banned...that will work! DynaMite __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

03-15-2002, 11:23 AM	#29
Plat Confirmed User Industry Role: Join Date: Jan 2002 Location: Clearwater, Florida Posts: 2,680	K this is freaky.. im denying all those netblocks and it is still getting through!!! __________________ Im fuckin retired