ATTENTION: Anyone Who Uses Prosper202 - Read this.

Status
Not open for further replies.
"OPEN SOURCE"? Is he out of his mind?

I don't know what they're thinking, but I'm glad. Kinda jealous cause at least, if you co-op with some programming firms and make it more commercial-friendly. Hhhhmm
 


So I just checked previous login attempts and it looks like someone tried to log in and failed from this IP:

OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU

ReferralServer: whois://whois.afrinic.net

NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:
RegDate: 2005-04-12
Updated: 2005-07-12


How can I block that IP address from my site?
 

Let's assume you are using Apache.
Create or edit .htaccess

Add these lines to the top:

order allow,deny
deny from 1.2.3.4
allow from all

That is it, just replace 1.2.3.4 with the IP you want to block.

If you are using something other than Apache, let me know and I will tell you how to block the IP.

Okay, I have a HostMonster account and here is how to add it in cPanel. I don't know if other hosting companies' cPanels are set up the same, but here is what you do for HostMonster.
Log in to your HostMonster account and load the cPanel.
In the cPanel go to the Security box.
In the Security box you will see IP Deny Manager, click on it.
Type in the IP you want to block in the box on that page and click add.
 
For us tech challenged folks- if we've upgraded to 1.1.2 are there still precautions needed to secure the config file or DB?

My sincere thanks to all- any of you who volunteered your time to fix this drinks on me in NYC if you PM me.
 

It wouldn't hurt to change your database password.
Once you are updated to 1.1.2 you are secure from this vulnerability.
It is always a good idea to make sure nobody else is trying or has access to your prosper account by viewing the Administration page.
The link is at the top right.
 

looks good from the access- will change the DB pass.

Thank you
 
Should we keep P202 on a secured domain like HTTPS? Does logging into P202 on an HTTP site make it easy for people to see our login info?

I don't understand how security stuff works but I guess it's safe since most Affiliate Networks have us logging into HTTP sites.
 
Anyone with the means can sniff cleartext passwords over HTTP. That's why HTTPS exists.
 

Good to know. Is there a way to protect ourselves when logging into HTTP sites like AdWords? I read some blogs where people's AdWords accounts were hacked into; maybe this is what happened.
 
Now this is open source I think I'm going to start using it or a variation of it.

These guys are super cool and I actually feel bad for them, despite my suspicious mind. I think these guys are generally nice guys.
 
Should we keep P202 on a secured domain like HTTPS? Does logging into P202 on an HTTP site make it easy for people to see our login info?

I don't understand how security stuff works but I guess it's safe since most Affiliate Networks have us logging into HTTP sites.

I don't personally use HTTPS or anything, but if you have a dedicated server or a VPS make sure the host is not vulnerable to ARP poisoning.

If the host is vulnerable to ARP poisoning, someone can easily hack you and get anything you do between you and your server.
 
Good to know. Is there a way to protect ourselves when logging into HTTP sites like AdWords? I read some blogs where people's AdWords accounts were hacked into; maybe this is what happened.

Chances are no one can hack your AdWords account. If they were hacked, maybe someone hacked their Prosper and the person had the same password on their AdWords account. Check out RoboForm; all of my passwords are random and stored on my RoboForm. When I first saw someone using it I thought, what a hassle, and I was hacked and decided to try it. I won't use anything else.
 
doing
Code:
// Compare (===) against the address as a quoted string, and stop after the redirect
if ($_SERVER['REMOTE_ADDR'] === '1.2.3.4') { header('Location: http://makemoniesonline.com'); exit; }
would be funnier than htaccess

Haha, that was gay!
Good idea though.
You could actually only allow your IP using this same method.
Set 2.3.4.5 to your IP.

Code:
// Redirect everyone except 2.3.4.5; exit so the page itself is never sent
if ($_SERVER['REMOTE_ADDR'] !== '2.3.4.5') { header('Location: http://makemoniesonline.com'); exit; }

If you log in from multiple IPs do this.

Code:
// Both tests are joined with && so that either listed address is let through
if ($_SERVER['REMOTE_ADDR'] !== '2.3.4.5' && $_SERVER['REMOTE_ADDR'] !== '3.4.5.6') { header('Location: http://makemoniesonline.com'); exit; }
 
Does Prosper202 use a header file or some other file that's always included? I don't use it, but I'd assume it does.

If header.php exists, put this on the second line (under <?php)

Code:
// Redirect the banned address; === compares, a single = would assign
if ($_SERVER['REMOTE_ADDR'] === '1.2.3.4') { header('Location: http://makemoniesonline.com'); exit; }

Obviously replace 1.2.3.4 with the IP you want banned, and if you wanted to do it like the guy above said (only allow the IP you connect from) use

Code:
// Redirect every address except your own
if ($_SERVER['REMOTE_ADDR'] !== '1.2.3.4') { header('Location: http://makemoniesonline.com'); exit; }

and replace with your own IP
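
Added example, not part of any post in this thread and not Prosper202 code: a PHP include that implements the allowlist idea from the posts above with strict comparison of parsed addresses, several addresses or CIDR ranges, and an `exit` so the protected page is never rendered. The function names `ip_in_cidr` and `is_allowed` are hypothetical, and the addresses are constructed placeholders from documentation ranges.

```php
<?php
// Added example, not Prosper202 code. Function names are hypothetical and the
// addresses are constructed placeholders from documentation ranges.

// True when $ip lies inside $entry, which is a single address or a CIDR range.
function ip_in_cidr(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared against IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits === null) {
        $bits = $max; // no prefix given: require an exact match
    } elseif (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // a malformed prefix must never widen the match
    }
    $bits  = (int) $bits;
    $bytes = intdiv($bits, 8);
    $rest  = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function is_allowed(string $remoteAddr, array $allowlist): bool
{
    foreach ($allowlist as $entry) {
        if (ip_in_cidr($remoteAddr, $entry)) {
            return true;
        }
    }
    return false;
}

$allowlist = ['192.0.2.10', '198.51.100.0/24']; // constructed placeholders

// REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy's address.
if (PHP_SAPI !== 'cli' && !is_allowed($_SERVER['REMOTE_ADDR'] ?? '', $allowlist)) {
    http_response_code(403);
    exit; // without this the rest of the page would still run and be sent
}
```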
 