Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

A new attack target - GCalendar.
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.6.x
Author Message
webservant
Worker
Worker



Joined: Feb 26, 2006
Posts: 206
Location: Springfield, MA
PostPosted: Mon Jun 21, 2010 6:58 am Reply with quote
I haven't seen GCalendar targeted before. So, I figure that I'd share it with the community.

Code:
Created By: NukeSentinel(tm) 2.6.03


Date & Time: 2010-06-21 00:20:00 EDT GMT -0400


Blocked IP: 88.191.94.*


User ID: Anonymous (1)


Reason: Abuse-CLike


--------------------


Referer: none


User Agent: libwww-perl/5.805


HTTP Host: [ Only registered users can see links on this board! Get registered or login! ]


Script Name: /modules.php


Query String: name=GCalendar&fil...wday&y=2007&m=12&d=23&e=1/*.php?option=com_gcalendar&controller=../../../../../../../../../../../../../../../proc/self/environ


Get String: name=GCalendar&fil___wday=&y=2007&m=12&d=23&e=1/*.php?option=com_gcalendar&controller=../../../../../../../../../../../../../../../proc/self/environ\0


Post String: Not Available


Forwarded For: none


Client IP: none


Remote Address: 88.191.94.188


Remote Port: 43792


Request Method: GET


--------------------


Who-Is for IP

_________________
Awaiting His Shout
Webservant - GraciousCall.org
Romans 8:28-39 
View user's profile Send private message Visit poster's website AIM Address
Palbin
Site Admin



Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
PostPosted: Mon Jun 21, 2010 7:05 am Reply with quote
They must be trying that because of the reference to gCalendar, but there is nothing to worry about even without sentinel. I'm not sure what this attack is trying to do, but it has absolutely no correlation to the gCalendar that we are using.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
webservant
PostPosted: Mon Jun 21, 2010 8:41 am Reply with quote
Thanks for the quick response. I was comforted that Sentinel blocked it. However, knowing what is coming is gives us the ability to harden the code - but that's obviously not necessary.
 
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
PostPosted: Mon Jun 21, 2010 10:17 am Reply with quote
I think it's a google calendar attack. The "G" is just a coincidence. LOL, I was going to say the G is just a string but I won't.

You can Google the proc/self/environ attack. It appears to be aimed at UNIX type systems that are not up to date.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.6.x


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©