Hacking attempts??

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Hacking attempts??

MichaelAtOz
I saw a previous lot of these in the NAML logs, and cleared the logs.
On rechecking there are more, so it looks to me there is active hacking attempts.
See Log file: Openscad_forum_NAML_Log_20171126_Hacks.txt

Anyway to check the IP of these or anything else to be done?
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

Gary Lewis
How do you get to that report?  I'm new at this.  
I'm not Nabble support, but have Nabble running on my Weebly website: http://www.garysgaragemahal.com/
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
To get into NAML mode click 'Edit this page' bottom right. (there may be a better way but that's what I know)



Click the green gear icon, a drop down menu gives you View Logs.
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

Gary Lewis
Thanks   Mine says "Log is empty".  Did you have to do something to enable yours?
I'm not Nabble support, but have Nabble running on my Weebly website: http://www.garysgaragemahal.com/
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
My test log is also Empty.

Looking at the OP log, things like: (please don't click these)
http://forum.openscad.org/template/NamlServlet.jtp?macro=user_nodes&user=1714%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1  referer=null
&
2017-11-23 20:19:04  http://forum.openscad.org/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html!nabble:email.naml&base=nabble.naml.namespaces.BasicNamespace-nabbl  referer=null

Look like probes.

We had spammers using the OpenSCAD forum, when we had open registration,
I implemented moderated registration to stop it.

I wouldn't be supprised that annoyed a spammer & they look for other exploits??

Not that the forum has that many users...

To Nabble support;
Is there any way to add a userid (if logged on) to the log messages and/or IP address?

If these are spurious things from all over, they are of less concern.
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

haozwang<Nabble>
okay, let me see if Franklin can do it
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

haozwang<Nabble>
okay franklin added the requested logging
Reply | Threaded
Open this post in threaded view
|

Re: Hacking attempts??

MichaelAtOz
Thanks.

Only one entry so far, the IP address (216.244.66.240) is showing on abuse reporting sites. I'll keep an eye on it.