A Visitor making me very uncomfortable?


32 replies to this topic

#21
MorrisAddison (Moderator)

just found this was posted back in July

http://mashable.com/2011/07/04/bing-baidu-partnership

so it looks like this search bot is here to stay... people say it's the Google of China.

here's their wiki page
http://en.wikipedia.org/wiki/Baidu

~Morris

#22
GI_ (Member)

Yes but this Baidu gets past .htaccess and cpanel ip banning. Must be some way to stop it.
I banned a whole range of ip addresses but it came back using one of them that were banned :evil:

#23
GI_ (Member)

Received this tonight. Does this mean baiduspider tried to hack the site?

Date & Time: 2011-10-01 19:22:23 EDT GMT -0400
Blocked IP: 180.76.5.138
User ID: Anonymous (1)
Reason: Abuse-CLike
--------------------
User Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Query String: http://www.deadlydozen2maps.co.uk/modules.php?name=Spambot_Killer&count=&salt=976uh3afjj5ew1n6h3miovisyyuiji
Get String: http://www.deadlydozen2maps.co.uk/modules.php
Post String: http://www.deadlydozen2maps.co.uk/modules.php?name=Spambot_Killer&count=&salt=976uh3afjj5ew1n6h3miovisyyuiji
Forwarded For: none
Client IP: none
Remote Address: 180.76.5.138
Remote Port: 35609
Request Method: GET
--------------------


#24
TheMortal (Site Admin)

I don't think it was an attempt to hack your site, but hard to say really. If Technocrat was still around u could show that query string to him and he could tell u if it was a hack attempt, but Techno and Jeff r gone now, so there is not anyone else who is knowledgeable with such things. If u know someone who knows the PhpNuke/Nuke-Evolution & php coding very well, then u could ask him or her.

Baidu is definitely one of those BAD BOY bots...  :twisted:

I seem to remember doing something within either the .htaccess file and/or Sentinel module that blocked it when Realm Designz ran the Nuke-Evolution software, but that has been some time ago. I will go down to the vault and check to c if I archived a copy of the old Realm Designz (Nuke-Evolution) files.

#25
GI_

GI_

    Member

  • Members
  • 34 posts
  • LocationLONDON

Current mood:
I went into admin/User Admin/Ban Control and followed the instructions in there to ban a complete range of IPs:
"IP addresses or hostnames:
To specify several different IP addresses or hostnames separate them with commas. To specify a range of IP addresses, separate the start and end with a hyphen (-); to specify a wildcard, use an asterisk (*)."
I entered 180.76.5.0-180.76.5.255 and then Submit and it banned the whole list. This is when i started to get these emails, so i am wondering if this method worked and i am getting these emails because that ip address used from Baiduspider is in the banned range.

#26
TheMortal (Site Admin)

GI_ said:

I went into admin/User Admin/Ban Control and followed the instructions in there to ban a complete range of IPs:
"IP addresses or hostnames:
To specify several different IP addresses or hostnames separate them with commas. To specify a range of IP addresses, separate the start and end with a hyphen (-); to specify a wildcard, use an asterisk (*)."
I entered 180.76.5.0-180.76.5.255 and then Submit and it banned the whole list. This is when i started to get these emails, so i am wondering if this method worked and i am getting these emails because that ip address used from Baiduspider is in the banned range.

What sort of emails r u getting  :?:
Is it an email stating something about a block ip# or what  :?:

U know that u can use Nuke Sentinel to block an ip# or range. Admin Page --> Nuke Sentinel --> Blocked Range Menu --> Add Blocked Range

At the bottom above the BUTTON, u can UNCHECK the box in case u do not want to add another blocked range. After u enter the ip# range, it will bring up a list of all or whatever block ip ranges u have. Find the one u just entered and add it to your .HTACCESS File

Nuke Sentinel is what u should within the Nuke-Evolution/Xtreme Software.

#27
GI_ (Member)

Got another one today identical to the first and with the same time, GMT 0400, different date and still in the same ip range, different port.
Seems they are trying to access my Modules.php and getting blocked.
---------------------------------
Date & Time: 2011-10-02 14:19:21 EDT GMT -0400
Blocked IP: 180.76.5.162
User ID: Anonymous (1)
Reason: Abuse-CLike
--------------------
User Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Query String: http://www.deadlydozen2maps.co.uk/modules.php?name=Spambot_Killer&count=&salt=rdu8evrl1az0qqnvrjl98gwi8qm6yy
Get String: http://www.deadlydozen2maps.co.uk/modules.php
Post String: http://www.deadlydozen2maps.co.uk/modules.php?name=Spambot_Killer&count=&salt=rdu8evrl1az0qqnvrjl98gwi8qm6yy
Forwarded For: none
Client IP: none
Remote Address: 180.76.5.162
Remote Port: 16214
Request Method: GET
--------------------

I will try out the Nuke Sentinel as well. So far the ip range is blocked in 4 different places  :lol:
The .htaccess, Cpanel, and 2 places in the Admin, Nuke Sentinel will make 5 8-)
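
Added example, not part of the original thread and not NukeSentinel's own code: a Python sketch that parses block notices in the format quoted above and tests each blocked IP against a ban list written in the comma / hyphen-range / asterisk syntax quoted in post #25. The function names, the trimmed sample text and the reading of `*` as one whole octet are assumptions.

```python
import ipaddress

# Constructed sample: the two notices from the thread, trimmed to the fields used.
SAMPLE = """\
Date & Time: 2011-10-01 19:22:23 EDT GMT -0400
Blocked IP: 180.76.5.138
Reason: Abuse-CLike
--------------------
Date & Time: 2011-10-02 14:19:21 EDT GMT -0400
Blocked IP: 180.76.5.162
Reason: Abuse-CLike
--------------------
"""

def parse_notices(text):
    """Return one {field: value} dict per notice; a 'Date & Time' line starts a notice."""
    notices = []
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep:
            continue  # dashed separator or blank line
        if key == "Date & Time":
            notices.append({})
        if notices:
            notices[-1][key.strip()] = value.strip()
    return notices

def entry_matches(entry, ip):
    """Match ip against one ban entry: single IP, start-end range, or * wildcard."""
    entry = entry.strip()
    if "*" in entry:  # assumption: * stands for one whole octet
        pat = entry.split(".")
        return len(pat) == 4 and all(p in ("*", o) for p, o in zip(pat, ip.split(".")))
    try:
        addr = ipaddress.IPv4Address(ip)
        if "-" in entry:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            return start <= addr <= end
        return ipaddress.IPv4Address(entry) == addr
    except ipaddress.AddressValueError:
        return False  # hostname entries are not resolved in this sketch

def check(text, ban_list):
    """List (blocked IP, reason, inside ban list?) for every notice in text."""
    entries = ban_list.split(",")
    return [(n["Blocked IP"], n["Reason"], any(entry_matches(e, n["Blocked IP"]) for e in entries))
            for n in parse_notices(text)]

print(check(SAMPLE, "180.76.5.0-180.76.5.255"))
```

Both addresses from the e-mails fall inside the range entered in Ban Control, so each notice records a request that was refused rather than one that got through.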

#28
GI_ (Member)

Just tried to get into Nuke Sentinel and none of the links are working except the top one which goes to an error page as follows:

-------------------------------
An error occurred
Page not found
Exception information:

Message: Invalid controller specified (modules.php)
Stack trace:

#0 /usr/share/ZendFramework-1.11.5-minimal/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch(Object(Zend_Controller_Request_Http), Object(Zend_Controller_Response_Http))
#1 /usr/share/ZendFramework-1.11.5-minimal/library/Zend/Application/Bootstrap/Bootstrap.php(97): Zend_Controller_Front->dispatch()
#2 /usr/share/ZendFramework-1.11.5-minimal/library/Zend/Application.php(366): Zend_Application_Bootstrap_Bootstrap->run()
#3 /var/www/nukescripts.net/trunk/htdocs/index.php(34): Zend_Application->run()
#4 {main}		

Request Parameters:

array (
  'controller' => 'modules.php',
  'action' => 'index',
  'module' => 'default',
  'name' => 'Downloads',
  'cid' => '700',
)
----------

POST EDIT:
Got it working and banned an ip range but if you look at the ones already banned below mine there are the ones in the emails i am getting.
How did they get banned by Nuke sentinel and who or what is CLike, also in the emails ? :roll:

#29
TheMortal (Site Admin)

GI_ said:

How did they get banned by Nuke sentinel and who or what is CLike, also in the emails ? :roll:

Nuke-Evolution comes with Nuke-Sentinel and also comes with a Spambot killer that lists a ton of emails that by default are denied access to the site and when a BOT tries to scan those emails using a salt key they get banned.

Nuke Sentinel is doing its job correctly. Abuse-CLike is the type of abuse action that the spambot is trying to do. The ones to keep an eye open for r the.... Abuse-Union ones. But if Nuke-Sentinel ends up blocking a Union attack, then really nothing to worry about. Means that Nuke-Sentinel is doing their job and blocking whoever is trying to attack and enter your site.

When Realm Designz was using the Nuke-Evolution CMS Software, the site was always getting Union Attacks by the country... Turkey. Not 1 Union Attack ever succeeded, every single one FAILED. I had the site locked down.

Nuke-Sentinel is what u should have setup for your site to use. Very good security. Just b absolutely sure that u have it setup correctly. Like the htaccess Path and staccess Path. Most of the above settings u do not need to change, but the Block Proxies I usually put to... STRONG LEVEL.

Hope this info helps.  :lol:

#30
GI_ (Member)

Thanks for that, the site is now firmly locked down in 5 places 8-)
Congratulations on this new theme here, very easy on the eye, easy to read, good colors 8-)

#31
TheMortal (Site Admin)

GI_ said:

Thanks for that, the site is now firmly locked down in 5 places 8-)

You're welcome. Glad u got it locked down.

One other thing I forgot to mention. In your Admin Page --> Modules, make sure that the NukeSentinel has a check mark to make it ACTIVE, ok.

Quote

Congratulations on this new theme here, very easy on the eye, easy to read, good colors 8-)

Thanks. I thought it was time for a change with the site theme.

#32
GI_ (Member)

It would seem that Baidu is gone from my site for good since i banned that ip range in NukeSentinel, haven't seen it for at least a week now. Thanks for the help in this and hope it helps others to do the same 8-)

#33
TheMortal (Site Admin)

That's great to hear GI_.  :D   Hopefully it will stay off your site.