Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
deny from <ip address>
every-time I block them a few mins later they switch IPs and start again.
Im not sure what they are trying to do but im guessing they are trying to get a password or something. does anyone know what they are doing and how to stop them?
[edited by: trillianjedi at 9:09 pm (utc) on April 18, 2007]
[edit reason] We don't need specifics - thanks ;) [/edit]
i would just make sure that the file is secure and not worry about it.
but the name 'modules.php' sounds like something that might get delivered on every visit. what is in it? are you sure that it isn't just getting delivered to everyone who visits your site? or to everyone who visits a particular section of your site?
[edit --] if the page is just being referenced in your php script, then you could simply change the name of the file to something else. that would stop them. or if you feeling a bit braver, then you could move the page out of your root folder. because they won't be able to access it at all then, even if they know what the filename is.
but if it's an actual link that is in the search engines then obviously you wouldn't want to touch it
By the time your hacker figures it out, he would have gathered so much crap he won't know what to keep and what to trow away. :p
The file is a key script on my site but it is never called like they are calling it:
its normal use is
I would change the name but most of the scripts in my CMS reference that file so it will very hard to change them all... also there are links in search engines to it like:
Im guessing they are trying to log in or something, they are posting using a GET. is there any way for me to see what they are posting?
is there any way for me to see what they are posting?
Add a little programming that logs all input *before* cleansing. Open a plain text file somewhere, append it, monitor it closely, it will reveal what they're up to and how to stop it.
Probably a bot.
obviously you would change blahblah to whatever the variable is that you are testing for. if it finds that there is no value for the variable, then it should send you to the new page.
headers have to come at the very top of the script though-- before the page prints anything out-- so make sure it goes above the DOCTYPE, and everything else.
Adding an exit will immediately stop execution of the script when the condition is met, take a small amount of load off your server, and keep it from dumping other info back to the bot.