Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
ladysilver
Hangin' Around


Joined: May 03, 2004
Posts: 49
Location: Cyberspace

PostPosted: Mon Aug 15, 2005 12:18 pm Reply with quote

This looks to me like some kind of downloader, but I've not seen an entry like it before so I am not positive. What's odd is my downloads are public, so I can't see a reason to use it (if it is a downloader). Does anyone have an idea?

Code:


  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0[Mon Aug 15 12:11:24 2005] [error] [client xx.xxx.xx.xx] File does not exist: /my_folder/my_folder_name/public_directory/downloadable_files/filename.zip
 
View user's profile Send private message Visit poster's website ICQ Number
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Aug 15, 2005 12:43 pm Reply with quote

I could also be someone try to determine your root path. Is the path correct? If so, is the download file name correct? Is your php.ini display_errors on or off?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
ladysilver
PostPosted: Mon Aug 15, 2005 1:47 pm Reply with quote

Hi kguske,

No, the file path was incorrect and error message display is off. It looked like somebody was using old info. I periodically change the account name, database name, prefixes, passwords, folder names, et al. This person appeared to be trying to access a download folder name I used two changes back.

Since mid-July I've been especially hit with exploit attempts, and the logs are showing more than the usual day-to-day script kiddie stuff. I've added silent tracking to several scripts, laid traps, moved key scripts outside the public directory, ect... The number of attempts lately are boggling.
 
kguske
PostPosted: Mon Aug 15, 2005 2:43 pm Reply with quote

If it WAS valid at one time, it's probably coming from an old hotlink and nothing to worry about, especially if display_errors is off. You might want to use Disipal's DisError addon, if you're not already, to give some extra flexibility in tracking certain types of errors.

I know what you mean about increased attacks lately. Thankfully, NukeSentinel is blocking them all. My sites don't have lots of downloads and probably less traffic, so I might not be seeing the advanced attacks you are seeing. It's a never ending battle...
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©