|
|
| Author |
Message |
Hony
Site Admin
Joined: 25 Jan 2003
|
| Posted: Mon Nov 15, 2004 2:33 pm Post subject: Hackers.. / Hackers.. |
|
|
Someone with an IP address in russia ran a scan on my server last night... Wasting everybody's time and resource:
Excepts:
62.76.117.18 - - [14/Nov/2004:01:00:28 -0500] "GET SCANNER HTTP/1.1" 400 - "-" "-"
62.76.117.18 - - [14/Nov/2004:01:00:35 -0500] "GET / HTTP/1.0" 200 24448 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:00:41 -0500] "GET / HTTP/1.0" 200 15688 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:00:41 -0500] "PUT /qmkwgixbrk.txt HTTP/1.1" 403 - "-" "-"
62.76.117.18 - - [14/Nov/2004:01:00:46 -0500] "GET /phpinfo.php HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:00:57 -0500] "GET /scripts/phpinfo.php HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:01:08 -0500] "GET /cgi-bin/phpinfo.php HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:01:16 -0500] "GET /phpBB/phpinfo.php HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:01:27 -0500] "GET /php/phpinfo.php HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:01:40 -0500] "GET /non-cgi/kprropjeoy/unfile.log HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:01:50 -0500] "GET /cgi-bin/tpjpunqete/unfile.htm HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:02:01 -0500] "GET /cgi-bin/suuhhuvrgq.cgi HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:02:12 -0500] "GET /cgi-bin/lmixoujrql.pl HTTP/1.0" 404 6440 "-" "-"
62.76.117.18 - - [14/Nov/2004:01:02:22 -0500] "GET /scripts/%2e%2e/%2e%2e/..%c0%af../..%c0%af../klnogkpmnv/klnogkpmnv.exe HTTP/1.0" 400 - "-" "-"
62.76.117.18 - - [14/Nov/2004:01:02:29 -0500] "GET /../../../../../../../../../ldsfxyjuwa/ldsfxyjuwa.xs HTTP/1.0" 400 - "-" "-" |
|
| Back to top |
|
 |
LordofOceans
Newbie
Joined: 13 Nov 2004
|
| Posted: Tue Nov 16, 2004 7:40 pm Post subject: Are you sure that was from Russia? / Hackers.. |
|
|
Be carefull because it can't be from Russia, you have to do a trace route on that ip because it can be a proxy 
Best Regards
LordofOceans |
|
| Back to top |
|
|
Hony
Site Admin
Joined: 25 Jan 2003
|
| Posted: Tue Nov 16, 2004 8:46 pm Post subject: / Hackers.. |
|
|
Sure, traced it all the way back and the box was still on line; not even properly firewalled.
Hony |
|
| Back to top |
|
|
LordofOceans
Newbie
Joined: 13 Nov 2004
|
| Posted: Wed Nov 17, 2004 5:06 am Post subject: Loosers / Hackers.. |
|
|
Yeah maybe are some looser trying to kidding with the bbs php system
But it seams that are a litle hacker, because just worked with HTTP protocol 
Best regards
LordofOceans |
|
| Back to top |
|
|
Hony
Site Admin
Joined: 25 Jan 2003
|
| Posted: Wed Nov 17, 2004 5:35 pm Post subject: / Hackers.. |
|
|
Script kiddies using automated tools, not really hackers.
Hony |
|
| Back to top |
|
|
showxstream
Newbie
Joined: 02 Jun 2005
|
| Posted: Thu Jun 02, 2005 8:07 am Post subject: / Hackers.. |
|
|
Actually phpBB suffers from the same problem it had in the previous version too. They said they had all the code re-written but in fact the mysql injection bug still works under some circumstances. I know this answer comes much much later after the last reply but it worths to think twice about changing this forums software. Unless adult-webcam-faq.com us using a version newer than 2.0.8.
Yours
SXS
| Quote: |
Critical sql injection bug in PhpBB 2.0.8 and in older versions
Author: Janek Vind "waraxe"
Date: 26. March 2004
Location: Estonia, Tartu
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PhpBB is widely used and very popular forum software, written in php.
Homepage: http://www.phpbb.com/
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PhpBB 2.0.x is written very carefully and securely. But even there can be bugs,as mysql injection one which will give to potential malicious attacker sensitive information from database - admin's username and password's md5 hash.
|
|
|
| Back to top |
|
|
Register
Log in
