#1  
Old 2nd December 2012, 05:05
blinky blinky is offline
Member
 
Join Date: Sep 2012
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default phpbb3 - nuisance visitor

About three months ago I decided to set up a Ubuntu server complete with mail, web and ftp services. Not for any particular reason other than I just wanted to do it. I managed to get the everything up and running so have been looking at some add-ons, one of which is phpbb3.

It's up and running and I beleived everything was fine until yesterday when suddently there was a flurry of activity on this otherwise quite system. Just total nonsense was posted in the single forum from a variety of users (all of whom registered). I nuked the whole lot, locked down the forums a bit more but now continually get access attempts as follows:

Code:
178.137.165.56 - - [01/Dec/2012:22:21:44 -0500] "GET /phpbb/index.php HTTP/1.0" 200 6464 "http://www.mydomain.com/phpbb/index.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)"
178.137.165.56 - - [01/Dec/2012:22:21:44 -0500] "GET /phpbb/index.php HTTP/1.0" 200 6464 "http://www.mydomain.com/phpbb/index.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)"
178.137.165.56 - - [01/Dec/2012:22:21:45 -0500] "GET /phpbb/index.php HTTP/1.0" 200 6464 "http://www.mydomain.com/index.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)"
178.137.165.56 - - [01/Dec/2012:22:21:45 -0500] "GET /phpbb/index.php HTTP/1.0" 200 6464 "http://www.mydomain.com/index.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)"
178.137.165.56 - - [01/Dec/2012:22:21:45 -0500] "GET /phpbb/index.php HTTP/1.0" 200 6464 "http://www.mydomain.com/index.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)"
I've tried adding that IP address to the PHPBB "IP Ban" list. Tried adding it to an .htaccess file both in the root web directory and in the /usr/share/phpbb3/www directory... that didn't work either. I've even entered the IP address in the "advanced settings" of the router's "Inbound Filter" settings to deny access. Not even that worked.

It's like the IP address being reported in the apache2/access.log file isn't accurate.

I'm at a total loss......

Help! Au secour!
Reply With Quote
Sponsored Links
  #2  
Old 2nd December 2012, 12:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by blinky View Post
Tried adding it to an .htaccess file both in the root web directory and in the /usr/share/phpbb3/www directory...
What exactly did you add to your .htaccess files?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 2nd December 2012, 16:13
blinky blinky is offline
Member
 
Join Date: Sep 2012
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Quote:
Originally Posted by falko View Post
What exactly did you add to your .htaccess files?
I added the IP address of the offending site. (I also copied the .htaccess file from /var/www to /usr/share/phpbb3/www so both locations contain the same file. The .htaccess file is as follows:
Code:
#GLOBAL BAD BOT EXCLUSION
SetEnvIfNoCase User-Agent "^Yandex*" bad_bot
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>
#END GLOBAL BAD BOT EXCLUSION
#
#SPECIAL PROVISION TO BLOCK BAIBU-BOT
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Baiduspider [NC]
RewriteRule .* - [F]
#END SPECIAL PROVISION TO BLOCKI BAIDU-BOT
#
#BLOCK SPECIFIC IP ADDRESSES
Order deny,allow
Deny from 5.9.63.172
Deny from 37.140.141.15
Deny from 61.155.106.210
Deny from 65.55.24.87
Deny from 65.55.24.215
Deny from 65.55.24.244
Deny from 65.55.52.87
Deny from 66.249.74.221
Deny from 66.249.75.67
Deny from 78.158.11.226
Deny from 87.244.132.228
Deny from 91.121.169.209
Deny from 91.205.189.15
#Baidu Spider start
Deny from 123.125.71.15
Deny from 123.125.71.18
Deny from 123.125.71.35
Deny from 123.125.71.47
Deny from 123.125.71.53
Deny from 123.125.71.69
#Baudi spider end
Deny from 149.3.152.246
Deny from 157.55.35.35
Deny from 157.56.229.88
Deny from 168.62.176.62
Deny from 178.137.89.184
Deny from 178.137.165.56
Deny from 178.154.164.251
Deny from 180.76.5.98
Deny from 180.76.5.107
Deny from 180.76.5.177
Deny from 190.120.231.35
Deny from 193.43.252.252
Deny from 210.211.125.10
Deny from 220.181.51.81
#
I believe this has worked thus far. What I'm at a real loss to explain is why the router's "inbound filter" and it's "DENY" option isn't working. It's like the requests are coming from a different IP address that what Apache is showing in the access.log file.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
dansguardian -- Nuisance proxy GranvilleWoods Installation/Configuration 1 15th May 2012 12:54
Installing phpbb3 for multiple clients halsafar Installation/Configuration 1 4th May 2012 09:17
Ubuntu 9.1 and phpbb3 bluedrakonis HOWTO-Related Questions 11 9th January 2010 15:36
Apache2/PHP error after phpBB3 install sagor Installation/Configuration 2 6th May 2008 09:59


All times are GMT +2. The time now is 02:39.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.