Hacking attempts??

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Hacking attempts??

MichaelAtOz
I saw a previous lot of these in the NAML logs, and cleared the logs.
On rechecking there are more, so it looks to me there is active hacking attempts.
See Log file: Openscad_forum_NAML_Log_20171126_Hacks.txt

Anyway to check the IP of these or anything else to be done?
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

Gary Lewis
How do you get to that report?  I'm new at this.  
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
To get into NAML mode click 'Edit this page' bottom right. (there may be a better way but that's what I know)



Click the green gear icon, a drop down menu gives you View Logs.
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

Gary Lewis
Thanks   Mine says "Log is empty".  Did you have to do something to enable yours?
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
My test log is also Empty.

Looking at the OP log, things like: (please don't click these)
http://forum.openscad.org/template/NamlServlet.jtp?macro=user_nodes&user=1714%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1  referer=null
&
2017-11-23 20:19:04  http://forum.openscad.org/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html!nabble:email.naml&base=nabble.naml.namespaces.BasicNamespace-nabbl  referer=null

Look like probes.

We had spammers using the OpenSCAD forum, when we had open registration,
I implemented moderated registration to stop it.

I wouldn't be supprised that annoyed a spammer & they look for other exploits??

Not that the forum has that many users...

To Nabble support;
Is there any way to add a userid (if logged on) to the log messages and/or IP address?

If these are spurious things from all over, they are of less concern.
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

haozwang<Nabble>
Administrator
okay, let me see if Franklin can do it
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

haozwang<Nabble>
Administrator
okay franklin added the requested logging
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
Thanks.

Only one entry so far, the IP address (216.244.66.240) is showing on abuse reporting sites. I'll keep an eye on it.