What scripts / forums do you ban?

AcuNett
07-31-2002, 07:24 PM
What scripts / forums do you ban and why?

xlhosting
07-31-2002, 07:31 PM
AcuNett do you mean NUKE family, for big server loading?

The Prohacker
07-31-2002, 07:44 PM
UBB - Resource hog....
Ikonboard - Resource hog....
lstmrge.cgi - spam script...

jayjay
07-31-2002, 07:45 PM
YaBB
YaBBse
PHPNuke
A bunch of other things are under review right now.

Perfecthost
07-31-2002, 08:48 PM
Originally posted by jayjay
> YaBB
> YaBBse
> PHPNuke
> A bunch of other things are under review right now.
Hi Jason-
Why do you ban phpNuke?
-Lamar

jayjay
07-31-2002, 09:20 PM
Exploits that don't get submitted to the dev team, the time it takes them to fix code, and it can be a major resource hog. The reasons for Yabb and YabbSE are simply, they are resource hogs.

Perfecthost
07-31-2002, 09:21 PM
Originally posted by jayjay
> Exploits that don't get submitted to the dev team, the time it takes them to fix code, and it can be a major resource hog. The reasons for Yabb and YabbSE are simply, they are resource hogs.
Okay, thanks.
-Lamar

imago-allan
07-31-2002, 09:28 PM
Hi! I am just wondering how you guys monitor if your hosted website is running such. Do you look into each one by one? :)

The Prohacker
07-31-2002, 09:31 PM
Originally posted by consul
> Hi! I am just wondering how you guys monitor if your hosted website is running such. Do you look into each one by one? :)
root@rum [~]# locate ultimatebb.cgi
:D

sonichost
07-31-2002, 10:52 PM
YaBB
UBB
Ikonboard
We do make exceptions for small sites.

coight
08-01-2002, 04:54 AM
Originally posted by sonichost
> YaBB
> UBB
> Ikonboard
> We do make exceptions for small sites.
Same

Rebel
08-01-2002, 06:28 AM
I have a few free accounts I gave out that basically offer 25mb space and 500mb transfer. I had this german guy ask me if he could install YaBB and since I didn't know that YaBB was a resource hog, I said he could.
This is the messageboard, it doesn't appear to be too big: http://www.dpc-clan.clangrounds.com/cgi-bin/yabb/YaBB.pl
How big does YaBB have to become before it's considered a resource hog, and what else should I watch out for?
Thanks for your help, and thank you AcuNett for making this good thread. :)

tazd9t9
08-01-2002, 06:32 AM
We ban any cgi based forums because they are resource hogs. We also ban irc scripts.

ServerSonic
08-01-2002, 06:48 AM
The only scripts I outright ban are IRC related scripts. Other than that it's sort of a case by case basis. If a user's account appears like it is going to cause any sort of trouble then I would contact that person to come up with a solution. Honestly I haven't had a problem with running a few large phpNuke sites as well as some medium sized forums (although the forums are php based).

DotComster
08-01-2002, 08:25 AM
Q - What scripts / forums do you ban??
A - No nice ones ever. Any spammer or cracker vulnerable script I delete right away.
Q - and why?
A - I host over 30 types of forums, PostNuke phpNuke sites too - why refuse any one webmaster his or her choice?

megagente
08-01-2002, 02:57 PM
Well, I run an Ikonboard cgi forum on my site. The thing is I don't get too many users at the same time there. The problem is when forums get too busy. I thought php forums were accepted everywhere?

freeva
08-01-2002, 03:38 PM
We ban any script that utilizes more than 5% of system resources, as well as those cgi based forums.

AcuNett
08-01-2002, 07:46 PM
Can someone with an extremely kind heart post all the filenames for the forums / scripts they ban? ;) It would make a good "locate" list.

trafficbuild
08-01-2002, 10:39 PM
If possible I would like to know which forums are welcome??

The Prohacker
08-01-2002, 10:49 PM
UBB 5: Ultimate.cgi
UBB 6: ultimatebb.cgi
YaBB : YaBB.pl
Ikonboard: Ikonboard.cgi
-- Banned :D

jayjay
08-02-2002, 03:01 AM
Prohacker: Got anymore file names? Or anybody? I'm making a bash script, and I'm going to cron it.
You guys are free to use it if you want.

AcuNett
08-02-2002, 03:26 AM
How bout a bash script that will replace the script with a "This script has been black listed on our servers due to its extensive use of cpu resources" :)

jayjay
08-02-2002, 03:28 AM
how about.. 0wn3d by d4 31it3 group of AcuNett :P
haha I'll see what I can do. My bash knowledge is currently stumped on one thing. But I can fix it.

Vinh
08-02-2002, 05:42 AM
Originally posted by jayjay
> Prohacker: Got anymore file names? Or anybody? I'm making a bash script, and I'm going to cron it. You guys are free to use it if you want.
:cool:

megagente
08-02-2002, 11:21 AM
This means the end of the cgi forums era. :(

Shannon
08-02-2002, 11:51 AM
I currently keep an eye out for:
"lstmrge.cgi"
"YaBB.cgi"
"nph-proxy.cgi"
"ikonboard.cgi"
I'm still using the FileMonitor perl script that was recommended here a while back for keeping an eye out for problem scripts... it can be obtained over at HTTP://Shaun.EthernetNetworks.com
I just set it to find said files, and dropped it into my cron file for nightly running. ;)

jayjay
08-03-2002, 03:07 AM
Almost done with the script, I just need to compile more cgi/perl based message board filenames, and a few other minor editions and package it and wala. : ) Took me awhile to find the best way to do it.

Lonny
08-03-2002, 03:20 AM
Don't have any ... yet... really.....!

imago-allan
08-03-2002, 03:20 AM
Hey guys! What if the files were renamed as something else? For instance, the person renamed the file ikonboard.cgi to IB.cgi or something. Will the script still detect it? :)

Annette
08-03-2002, 03:24 AM
We ban formmail.* and the various listmerge mailers for obvious reasons and also ban IRC-related anything. We're leaning toward banning proxy scripts as well, but haven't quite made that decision final yet.

jayjay
08-03-2002, 03:27 AM
> Hey guys! What if the files were renamed as something else? For instance, the person renamed the file ikonboard.cgi to IB.cgi or something.
> Will the script still detect it?
Good question. The answer is no. But most people don't rename it, and if you have a lot of time on your hands, you could always do *.cgi, but it could get messy. It's an option though.

Aussie Bob
08-03-2002, 05:26 AM
Originally posted by AcuNett
> What scripts / forums do you ban and why?
Ban them all I say!! Ban them all. Just serve plain old static html pages. :D :stickout

Rochen
08-03-2002, 10:50 AM
Originally posted by AcuNett
> What scripts / forums do you ban and why?
UltimateBBS (all versions)
Ikonboard (all versions)
IRC Egg Drops
Proxy Servers
nph-proxy
The Anonymizer
any soap mailers
formmail.pl

zoli
08-03-2002, 12:45 PM
AdCycle is very resource intensive.

ATST
08-03-2002, 05:41 PM
Good. I hate AdCycle and block all sites with it. :D

AcuNett
08-03-2002, 05:47 PM
If they change the filename, they would have to change the coding of the forum software as well. (I THINK, I haven't seen every forum) I doubt anyone would spend their time doing that ;).

MadCool
08-04-2002, 12:39 AM
Originally posted by zoli
> AdCycle is very resource intensive.
Do you recommend any other ad banner system? I'm currently using that :bawling:

Gem Hexen
08-04-2002, 10:40 PM
Originally posted by Shannon
> I currently keep an eye out for: "lstmrge.cgi" "YaBB.cgi" "nph-proxy.cgi" "ikonboard.cgi" I'm still using the FileMonitor perl script that was recommended here a while back for keeping an eye out for problem scripts... it can be obtained over at HTTP://Shaun.EthernetNetworks.com I just set it to find said files, and dropped it into my cron file for nightly running. ;)
That CGI-proxy really hurts! I had a user using that and it was using 100% CPU (Athlon XP 1700+). Needless to say he wasn't running it for long.

zoli
08-04-2002, 11:36 PM
Originally posted by MadCool
> Do you recommend any other ad banner system? I'm currently using that :bawling:
I currently use http://www.advertpro.com/. It is not cheap, but it is worth the money you spend on it.
Zoltan

MadCool
08-06-2002, 11:43 PM
Hmm $500 dollars.. is it worth it? Would it cause a serverload?

eHostPros
08-07-2002, 04:39 AM
This is on my list:
IRC egg drops
Proxy servers
Mail bombers
Anonymous mailers
IP spoofers
Port scanners
nph-proxy
UBB (Ultimate Bulletin Board, all versions)
Ikonboard, Yabb (all versions)
lstmrge.cgi
FormMail.*
I added lstmrge.cgi and nph-proxy today. A cron script would be really nice. Right now I do this command to find bad scripts on ensim:
# find '/home/virtual/' -iname nph-proxy.cgi
-Rupi

Acronym BOY
08-07-2002, 09:28 AM
I've used the proxy script before, multiple users (30+) at one time were browsing the web with it and CPU use was under 20% on a 1GHz P3. But then again, it was causing kernel panics, so I got rid of it.

groundup
08-08-2002, 02:52 AM
What would a person's alternative be for using those forum scripts? It looks like you banned all .pl/.cgi scripts. What about PHP?

jayjay
08-08-2002, 03:30 AM
PHP isn't as much of a resource hog. : )

Amir
08-09-2002, 06:44 PM
Hello,
Was wondering how you can have a script check whether some scripts are installed on virtual hosts or not. For example to see if PHPnuke or YaBB has been installed so automatically it will remove it.
Thanks in advance.

achost_ca
08-09-2002, 11:31 PM
Yep. How the script checkers work is they search the entire hard drive. So as long as it's run by root, it will find files, vhosts or not.

jayjay
08-09-2002, 11:43 PM
http://404labs.com/jay/locate.tar.gz
You guys can use this ghetto bash script if you want. I'm still working on it, and will make it better and more complete over a short period of time. But for now...
5 Step Program:
1) Download it..
2) Edit the email address so it goes to you.
3) I have it in /usr/local/bin, you can put it anywhere you'd like.
4) Chmod locate.sh 755
5) Cron it, I have it running at 2:02AM & 5:02PM every day.
I'll make a post when I make it more complete, if anyone has any suggestions or file names to add. Please toss me an email.
Thanks.

TowerHost
03-18-2003, 10:29 PM
Link doesn't work J. Can you put it online elsewhere or fix the link?

Senad
03-18-2003, 11:28 PM
UBB, I used to praise it now I don't. Resource hog like no other...

Iggy
03-19-2003, 01:23 AM
This is in reply to a post back on the 2nd or 3rd page for folks looking for renamed formmail and whatnot.
grep on "sendmail -t" will yield anything that uses sendmail. Then you can backtrack and check out the scripts involved.
Iggy

SoftWareRevue
03-19-2003, 01:39 AM
Originally posted by TowerHost
> Link doesn't work J. Can you put it online elsewhere or fix the link?
Well, that post is only seven months old. But, the link works for me anywho.

WebmastersHost
03-19-2003, 10:46 PM
Link not working for me either.

daveman
03-19-2003, 10:49 PM
Originally posted by jayjay
> The reasons for Yabb and YabbSE are simply, they are resource hogs.
Have you bothered looking at YaBBSE 1.5.x?? It is very comparable to phpBB and Invision.

Servstra-Sales
03-20-2003, 05:13 AM
Originally posted by Shannon
> I currently keep an eye out for: "lstmrge.cgi" "YaBB.cgi" "nph-proxy.cgi" "ikonboard.cgi" I'm still using the FileMonitor perl script that was recommended here a while back for keeping an eye out for problem scripts... it can be obtained over at HTTP://Shaun.EthernetNetworks.com I just set it to find said files, and dropped it into my cron file for nightly running. ;)
Does anyone know where I can get a copy of the FileMonitor script? The above link doesn't seem to work for me. :(

Lippy
03-20-2003, 05:55 AM
Link doesn't work, look forward to seeing this script and trying it out, if I am right it emails you the location of the file nothing else right?

Spingen
03-20-2003, 06:18 AM
What exactly does this script do? Just grep against known scripts?

TowerHost
08-28-2003, 10:19 AM
Bump
I would also like to know about this FileMonitor script or other tools used for finding and banning scripts.

ScripShous
08-28-2003, 12:00 PM
Hi
We don't ban anything.
All sites are monitored closely by night and the owners of the sites are warned via email and occasionally suspended while the issue is being resolved. We have not had any real issues except with someone trying to run IRC bots, but that customer soon realised he wasn't for us and moved on :)
Thanks

TowerHost
08-28-2003, 12:19 PM
Well you mention sites are monitored every night, with what? Do you just use some "find" scripts?
Thanks
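
Added example, not part of the thread and not jayjay's locate.sh or the FileMonitor script: a scan that combines the file names posted above (matched with `find -iname`, as in eHostPros' command) with Iggy's "sendmail -t" content check, so a renamed mailer is still reported. The function names, output format and sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: nightly scan of a hosting root for banned scripts.
# File names are the ones posted in the thread; function names, output
# format and the sample tree are assumptions made for this example.

BANNED_NAMES='Ultimate.cgi ultimatebb.cgi YaBB.pl YaBB.cgi ikonboard.cgi lstmrge.cgi nph-proxy.cgi'

# scan_banned ROOT
# Prints one finding per line:
#   name <path>     file whose name is on the list (case-insensitive)
#   content <path>  .cgi/.pl file containing "sendmail -t", which still
#                   flags a mailer after it has been renamed
scan_banned() {
    _root=$1
    for _name in $BANNED_NAMES; do
        find "$_root" -type f -iname "$_name" 2>/dev/null | sed 's/^/name /'
    done
    find "$_root" -type f \( -iname '*.cgi' -o -iname '*.pl' \) \
        -exec grep -l -F -e 'sendmail -t' {} + 2>/dev/null | sed 's/^/content /'
    return 0
}

# Builds a small constructed tree (three fake sites) and prints its path.
make_sample_tree() {
    _d=$(mktemp -d) || return 1
    mkdir -p "$_d/site1/cgi-bin/yabb" "$_d/site2/cgi-bin" "$_d/site3/public_html"
    printf '#!/usr/bin/perl\nprint "board";\n' > "$_d/site1/cgi-bin/yabb/YaBB.pl"
    # Constructed form mailer, renamed so that a name-only scan misses it.
    printf '#!/usr/bin/perl\nopen(MAIL, "|/usr/sbin/sendmail -t");\n' \
        > "$_d/site2/cgi-bin/contact.cgi"
    printf '<html>static page</html>\n' > "$_d/site3/public_html/index.html"
    echo "$_d"
}

# With a directory argument (e.g. when run from cron), scan it and print findings.
if [ "$#" -gt 0 ]; then
    scan_banned "$1"
fi
```

A "content" hit only means the script pipes mail through sendmail; as Iggy says, it is a starting point for checking the script by hand, not proof that it is a banned mailer.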