Unusual error log entry. What is this?

Posted: Mon Aug 15, 2005 12:18 pm

This looks to me like some kind of downloader, but I've not seen an entry like it before so I am not positive. What's odd is my downloads are public, so I can't see a reason to use it (if it is a downloader). Does anyone have an idea?

Code:




  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0[Mon Aug 15 12:11:24 2005] [error] [client xx.xxx.xx.xx] File does not exist: /my_folder/my_folder_name/public_directory/downloadable_files/filename.zip

Site Admin Joined: Jun 04, 2004 Posts: 6432

I could also be someone try to determine your root path. Is the path correct? If so, is the download file name correct? Is your php.ini display_errors on or off?

Posted: Mon Aug 15, 2005 1:47 pm

Hi kguske,

No, the file path was incorrect and error message display is off. It looked like somebody was using old info. I periodically change the account name, database name, prefixes, passwords, folder names, et al. This person appeared to be trying to access a download folder name I used two changes back.

Since mid-July I've been especially hit with exploit attempts, and the logs are showing more than the usual day-to-day script kiddie stuff. I've added silent tracking to several scripts, laid traps, moved key scripts outside the public directory, ect... The number of attempts lately are boggling.

Posted: Mon Aug 15, 2005 2:43 pm

If it WAS valid at one time, it's probably coming from an old hotlink and nothing to worry about, especially if display_errors is off. You might want to use Disipal's DisError addon, if you're not already, to give some extra flexibility in tracking certain types of errors.

I know what you mean about increased attacks lately. Thankfully, NukeSentinel is blocking them all. My sites don't have lots of downloads and probably less traffic, so I might not be seeing the advanced attacks you are seeing. It's a never ending battle...