help my site suspended by hosting

Discussion in 'Web Hosting' started by misoo83, Dec 2, 2008.

  1. #1
    Hi friends, I have a big problem :( My site "http://proxy-anonymizer.com/" is suspended by the hosting. Reason:

    original mail from hosting :

    your website http://proxy-anonymizer.com php was in a loop or being attacked
    
    checking logs - we found thousands of links generated by 204.8.150.32
    
    204.8.150.32 - - [02/Dec/2008:11:33:38 -0500] "GET /browse.php?u=Oi8vc21oLmNvbS5hdS9jc3MvaW1nL2JnX2JvZHkuZ2lm&b=13 HTTP/1.1" 404 3671 "http://proxy-anonymizer.com/browse.php?u=Oi8vYnVzaW5lc3Muc21oLmNvbS5hdQ%3D%3D&b=13" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GoogleT5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8)"
    204.8.150.32 - - [02/Dec/2008:11:33:39 -0500] "GET /browse.php?u=Oi8vc21oLmNvbS5hdS9jc3MvaW1nL2JnX2JvZHkuZ2lm&b=13 HTTP/1.1" 404 3671 "http://proxy-anonymizer.com/browse.php?u=Oi8vYnVzaW5lc3Muc21oLmNvbS5hdQ%3D%3D&b=13" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GoogleT5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8)"
    
    
    causing websites on server to timeout -
    
    we are blocking IP 204.8.150.32 -
    This IP is not my site's or server's IP :(


    Does someone know how to solve this problem? :(

    thanks
     
    misoo83, Dec 2, 2008 IP
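
    An added example, not part of the original thread: one way to triage an access log like the one quoted in the hosting mail, by counting identical `browse.php` requests per IP per second and decoding the `u` parameter to see what is being fetched. It assumes the Apache combined log format and that `u` is base64, as the quoted values decode; the names `decode_u` and `summarize` are made up for this sketch.

```python
import base64
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache "combined" format: ip, timestamp, request line, status, size, referer, user agent
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')

# Sample input built from the entry quoted in the hosting mail (user agent shortened),
# repeated as on the page, plus one truncated entry like the last quoted line.
ENTRY = ('204.8.150.32 - - [02/Dec/2008:11:33:{sec} -0500] '
         '"GET /browse.php?u=Oi8vc21oLmNvbS5hdS9jc3MvaW1nL2JnX2JvZHkuZ2lm&b=13 HTTP/1.1" 404 3671 '
         '"http://proxy-anonymizer.com/browse.php?u=Oi8vYnVzaW5lc3Muc21oLmNvbS5hdQ%3D%3D&b=13" '
         '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"')
SAMPLE = [ENTRY.format(sec=38)] * 4 + [ENTRY.format(sec=39)] * 11 + [ENTRY.format(sec=39)[:60]]

def decode_u(url):
    """Return the base64-decoded `u` query parameter of a URL, or None if absent/invalid."""
    values = parse_qs(urlsplit(url).query).get("u")
    if not values:
        return None
    raw = values[0].replace(" ", "+")   # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)        # restore padding if it was stripped
    try:
        return base64.b64decode(raw).decode("utf-8", "replace")
    except ValueError:
        return None

def summarize(lines, threshold=5):
    """Group browse.php hits by (ip, second, path); return groups with >= threshold hits."""
    hits, meta = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith("/browse.php"):
            continue                    # truncated entries and other paths are skipped
        key = (m["ip"], m["ts"], m["path"])
        hits[key] += 1
        meta[key] = m
    report = []
    for key, n in hits.most_common():
        if n >= threshold:
            m = meta[key]
            report.append({"ip": key[0], "second": key[1], "count": n,
                           "status": m["status"], "target": decode_u(m["path"]),
                           "via": decode_u(m["referer"])})
    return report

for burst in summarize(SAMPLE):
    print(burst)
```

    On the quoted entry the two `u` values decode to `://smh.com.au/css/img/bg_body.gif` and `://business.smh.com.au`, so the burst is one image requested over and over from a page that was itself loaded through the proxy, each time answered with a 404.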
  2. kailash
    #2
    Your site is working fine and it is not suspended and from the email it seems that they have blocked the IP from which your site was being attacked.

    Kailash
     
    kailash, Dec 2, 2008 IP
  3. misoo83
    #3
    Thanks for the reply. I know the site is working now; I contacted support and asked him to let my site keep working so I can access the admin panel and try to fix everything from there.


    Now the site is working, but if it causes a problem again it will be suspended again :(


    Now my other site is not working. OMG, I spent more than 5 h to make my site work and now sometimes it works, sometimes not :( I tried everything but nothing helps OMG :(
     
    misoo83, Dec 2, 2008 IP
  4. Mxhub
    #4
    Looks like there is an exploit for your PHP file browse.php ... It is allowing a hacker to use your site to access another remote site.
     
    Mxhub, Dec 13, 2008 IP
  5. diligenthost
    #5
    It's a proxy site: browse.php?u=encryptedURLhere, which would mean it has nothing to do with hackers, but there definitely is someone pounding away at that script ;)
     
    diligenthost, Dec 13, 2008 IP
  6. Bohra
    #6
    It's just a person who is trying to access the proxy to open a large resource site or something like that. You could block the IP via .htaccess
     
    Bohra, Dec 17, 2008 IP
  7. SSANZ
    #7
    Not worth blocking the IP when the attacker can use another IP.

    You need to secure your scripts
     
    SSANZ, Dec 18, 2008 IP
  8. RectangleMan
    #8
    And yet that's an effective method and takes about 30 seconds to accomplish.

    But SSANZ is right...consider adding logging to your script and some other changes. But if you can't read logs and didn't understand what that email means then I don't think you will know how to properly run your script securely to prevent this from happening again.

    I run my own custom proxy script that gives me a lot more control. The problem with the generally available proxy scripts is that they are easy to exploit or attack. Few take the time to alter them into more functional scripts. I know I won't publicly release my proxy.
     
    RectangleMan, Dec 18, 2008 IP