Security question


tamarian
Tue 31st Oct '00, 6:04pm
I just installed 1.1.3 2 days ago (upgraded to 1.1.4 a few minutes ago)

Last night my 404 script was fired by a broken link, second later by a viewthread with %%% signs, etc, so I checked the logs to see what's going on, and found more 404s that were pending in the email.

Started a tail -f to see what this user was doing, she/he was a guest since we're only 3 members testing, and none of their IPs were in Asia.

As a guest (just allowed to view) s/he was able to start the moderator script with user ids view, IPs etc. I may be mistaken since I don't know yet what the logs are supposed to look like, but the commands were starting with moderator.php?......

That was strange by itself, but in addition, this seemed scripted by the user/attacker, since all ids used were incrementing until it got out of bounds and all in a second or two. Simultaneously they were sucking up all my other non-vb pages and graphics, which is no big deal since many software packages can do that. But the logs show he scanned everything in vb's database in seconds.

I can post the logs here if necessary, but maybe some of you can tell me without them if this is normal and my observation of the logs was misunderstood?

Mike Sullivan
Tue 31st Oct '00, 6:51pm
[Oops - misread the message]
Could you please send your logs to ed@ubbhackers.com? :) I'm not sure if they were doing a general DOS attack or looking for something specific. I suggest you look around your user stuff in the control panel to confirm that there isn't anything weird.

Thanks!

[Edited by Ed Sullivan on 10-31-2000 at 05:53 PM]

tamarian
Tue 31st Oct '00, 7:00pm
Thanks Ed, I'll send them to you shortly.

tamarian
Wed 1st Nov '00, 7:47pm
Hi Ed, how does it look?

eva2000
Wed 1st Nov '00, 8:37pm
That's scary and I would like to know what this is about too..

Mike Sullivan
Thu 2nd Nov '00, 5:31pm
Sorry, forgot to email you back :)

They just look like someone was using an offline browsing script (ie, it caches every link) - doesn't look bad to me.

tamarian
Thu 2nd Nov '00, 10:19pm
Thanks Ed, makes sense, as it did look scripted.
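
Added example (not part of the original thread, and not vBulletin code): a log check for the pattern described in the first post, where one client requests the same script with ids that increment by one within a second or two. The log lines, the IPs, the `/forum/` path and the `id` / `threadid` parameter names are constructed for illustration; the real query string is not shown in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Apache common log format; IPs, paths and parameter names are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Oct/2000:03:10:01 -0500] "GET /forum/moderator.php?id=101 HTTP/1.0" 200 512
203.0.113.7 - - [31/Oct/2000:03:10:01 -0500] "GET /forum/moderator.php?id=102 HTTP/1.0" 200 512
203.0.113.7 - - [31/Oct/2000:03:10:01 -0500] "GET /forum/moderator.php?id=103 HTTP/1.0" 200 512
203.0.113.7 - - [31/Oct/2000:03:10:02 -0500] "GET /forum/moderator.php?id=104 HTTP/1.0" 200 512
203.0.113.7 - - [31/Oct/2000:03:10:02 -0500] "GET /forum/moderator.php?id=105 HTTP/1.0" 200 512
203.0.113.7 - - [31/Oct/2000:03:10:02 -0500] "GET /forum/viewthread.php?%%% HTTP/1.0" 404 210
198.51.100.23 - - [31/Oct/2000:03:11:40 -0500] "GET /forum/showthread.php?threadid=12 HTTP/1.0" 200 900
198.51.100.23 - - [31/Oct/2000:03:12:05 -0500] "GET /forum/showthread.php?threadid=40 HTTP/1.0" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" \d{3}')

def parse(line):
    """Return (ip, time, path, {param: int}) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(target)
    nums = {k: int(v) for k, v in parse_qsl(url.query) if v.isdecimal()}
    return ip, when, url.path, nums

def find_enumeration(log_text, min_run=4, window=timedelta(seconds=5)):
    """Report (ip, path, param, first, last) for runs of +1 values completed inside `window`."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            for param, value in rec[3].items():
                series[(rec[0], rec[2], param)].append((rec[1], value))
    findings = []
    for (ip, path, param), hits in series.items():
        hits.sort()                       # by time, then by value
        run = [hits[0]]
        for hit in hits[1:] + [None]:     # None flushes the final run
            if hit and hit[1] == run[-1][1] + 1 and hit[0] - run[0][0] <= window:
                run.append(hit)
                continue
            if len(run) >= min_run:
                findings.append((ip, path, param, run[0][1], run[-1][1]))
            run = [hit]
    return findings
```

A hit only says the requests were scripted; whether the script actually returned data to a guest still has to be checked against the response codes and sizes and the board's permission settings.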