Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x
Author Message
webservant
Worker
Worker


Joined: Feb 26, 2006
Posts: 206
Location: Springfield, MA

PostPosted: Mon Jun 21, 2010 6:58 am Reply with quote

I haven't seen GCalendar targeted before. So, I figure that I'd share it with the community.

Code:
Created By: NukeSentinel(tm) 2.6.03

Date & Time: 2010-06-21 00:20:00 EDT GMT -0400
Blocked IP: 88.191.94.*
User ID: Anonymous (1)
Reason: Abuse-CLike
--------------------
Referer: none
User Agent: libwww-perl/5.805
HTTP Host: Only registered users can see links on this board! Get registered or login!
Script Name: /modules.php
Query String: name=GCalendar&fil...wday&y=2007&m=12&d=23&e=1/*.php?option=com_gcalendar&controller=../../../../../../../../../../../../../../../proc/self/environ
Get String: name=GCalendar&fil___wday=&y=2007&m=12&d=23&e=1/*.php?option=com_gcalendar&controller=../../../../../../../../../../../../../../../proc/self/environ\0
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: 88.191.94.188
Remote Port: 43792
Request Method: GET
--------------------
Who-Is for IP

_________________
Awaiting His Shout
Webservant - GraciousCall.org
Romans 8:28-39 
View user's profile Send private message Visit poster's website AIM Address
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Mon Jun 21, 2010 7:05 am Reply with quote

They must be trying that because of the reference to gCalendar, but there is nothing to worry about even without sentinel. I'm not sure what this attack is trying to do, but it has absolutely no correlation to the gCalendar that we are using.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
webservant
PostPosted: Mon Jun 21, 2010 8:41 am Reply with quote

Thanks for the quick response. I was comforted that Sentinel blocked it. However, knowing what is coming is gives us the ability to harden the code - but that's obviously not necessary.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Mon Jun 21, 2010 10:17 am Reply with quote

I think it's a google calendar attack. The "G" is just a coincidence. LOL, I was going to say the G is just a string but I won't.

You can Google the proc/self/environ attack. It appears to be aimed at UNIX type systems that are not up to date.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.6.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©