Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
dad7732
RavenNuke(tm) Development Team


Joined: Mar 18, 2007
Posts: 1242

PostPosted: Sat Feb 13, 2010 9:44 am Reply with quote

This showed up this morning when checking user-agents:

Code:


<?php phpinfo(); ?>

What's up with that, a user with that UA was checking a particular post in the forum. Anything to be concerned with?

Cheers
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sat Feb 13, 2010 10:33 am Reply with quote

dad7732 wrote:
This showed up this morning when checking user-agents:

Code:


<?php phpinfo(); ?>

What's up with that, a user with that UA was checking a particular post in the forum. Anything to be concerned with?

Cheers


Someone is trying to inject that PHP code to see if they can get the phpinfo() information. And they can from many sites!

Search Google for phpinfo HTTP_USER_AGENT. Then click on any that say phpinfo(). Shocked
 
View user's profile Send private message
dad7732
PostPosted: Sat Feb 13, 2010 10:48 am Reply with quote

Can that be injected in a RN site? And can it be blocked as such in the harvester menu?

Thanks
 
spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Sat Feb 13, 2010 12:25 pm Reply with quote

ooohhhh, that's bad. Shocked
having your phpinfo page indexed by Google??
lol, one even had ads setup on the page ROTFL
 
View user's profile Send private message Visit poster's website
dad7732
PostPosted: Sat Feb 13, 2010 12:37 pm Reply with quote

That was the only string in the UA, nothing else, that's what interested me as I've never seen a UA like that before.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Fri Feb 19, 2010 5:56 pm Reply with quote

dad7732 wrote:
Can that be injected in a RN site?


Doubtful. The only thing looking at the user agent string is NukeSentinel and its "tight".

Quote:
And can it be blocked as such in the harvester menu?


I would think so. You could test it out using a browser plug-in which allows modification of the headers.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
dad7732
PostPosted: Fri Feb 19, 2010 7:48 pm Reply with quote

I have several ua switcher extensions for Firefox, may give it a whirl, thanks
 
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Sat Feb 20, 2010 1:39 am Reply with quote

In Sentinel click on:
Tracked IP Menu
Display Tracked User Agents
Here you can block individual user agents.
 
View user's profile Send private message
dad7732
PostPosted: Sat Feb 20, 2010 8:05 am Reply with quote

Yes, I know, that's an alternative and curious if that particular string could actually be blocked. But I was wondering if there were any consequences to blocking that string. Testing so far proves harmless.
 
montego
PostPosted: Sat Feb 20, 2010 11:34 am Reply with quote

Should be no consequences of blocking it via the Harvestor blocker (as it ONLY looks at the User Agent header). I also think it would hurt to block it via the string blocker unless you think you'll use that string somewhere in a news article, content, post, etc.
 
dad7732
PostPosted: Sat Feb 20, 2010 12:05 pm Reply with quote

I've only seen this once in many years using Sentinel, so really no cause to be overly concerned. Thanks for the heads up, it just caught me off-guard a bit.

Cheers
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©