Author |
Message |
dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1242
|
Posted:
Sat Feb 13, 2010 9:44 am |
|
This showed up this morning when checking user-agents:
Code:
<?php phpinfo(); ?>
|
What's up with that, a user with that UA was checking a particular post in the forum. Anything to be concerned with?
Cheers |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sat Feb 13, 2010 10:33 am |
|
dad7732 wrote: | This showed up this morning when checking user-agents:
Code:
<?php phpinfo(); ?>
|
What's up with that, a user with that UA was checking a particular post in the forum. Anything to be concerned with?
Cheers |
Someone is trying to inject that PHP code to see if they can get the phpinfo() information. And they can from many sites!
Search Google for phpinfo HTTP_USER_AGENT. Then click on any that say phpinfo().  |
|
|
|
 |
dad7732

|
Posted:
Sat Feb 13, 2010 10:48 am |
|
Can that be injected in a RN site? And can it be blocked as such in the harvester menu?
Thanks |
|
|
|
 |
spasticdonkey
RavenNuke(tm) Development Team

Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA
|
Posted:
Sat Feb 13, 2010 12:25 pm |
|
ooohhhh, that's bad. Shocked
having your phpinfo page indexed by Google??
lol, one even had ads setup on the page  |
|
|
|
 |
dad7732

|
Posted:
Sat Feb 13, 2010 12:37 pm |
|
That was the only string in the UA, nothing else, that's what interested me as I've never seen a UA like that before. |
|
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Fri Feb 19, 2010 5:56 pm |
|
dad7732 wrote: | Can that be injected in a RN site? |
Doubtful. The only thing looking at the user agent string is NukeSentinel and its "tight".
Quote: | And can it be blocked as such in the harvester menu? |
I would think so. You could test it out using a browser plug-in which allows modification of the headers. |
_________________ Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
 |
dad7732

|
Posted:
Fri Feb 19, 2010 7:48 pm |
|
I have several ua switcher extensions for Firefox, may give it a whirl, thanks |
|
|
|
 |
slackervaara
Worker


Joined: Aug 26, 2007
Posts: 236
|
Posted:
Sat Feb 20, 2010 1:39 am |
|
In Sentinel click on:
Tracked IP Menu
Display Tracked User Agents
Here you can block individual user agents. |
|
|
|
 |
dad7732

|
Posted:
Sat Feb 20, 2010 8:05 am |
|
Yes, I know, that's an alternative and curious if that particular string could actually be blocked. But I was wondering if there were any consequences to blocking that string. Testing so far proves harmless. |
|
|
|
 |
montego

|
Posted:
Sat Feb 20, 2010 11:34 am |
|
Should be no consequences of blocking it via the Harvestor blocker (as it ONLY looks at the User Agent header). I also think it would hurt to block it via the string blocker unless you think you'll use that string somewhere in a news article, content, post, etc. |
|
|
|
 |
dad7732

|
Posted:
Sat Feb 20, 2010 12:05 pm |
|
I've only seen this once in many years using Sentinel, so really no cause to be overly concerned. Thanks for the heads up, it just caught me off-guard a bit.
Cheers |
|
|
|
 |
|