Ravens PHP Scripts: Forums
 

 

PHrEEkie
Subject Matter Expert



Joined: Feb 23, 2004
Posts: 358

Posted: Fri Nov 05, 2010 5:51 pm

An attempt was just made to access xmlrpc.php from my web root, which is not the actual location of that file. What was interesting was that the user agent of the attacker simply said "T34mH4k Cr3w" (Team Hak Crew).

I added it to my Harvester list (checks agent strings), you should probably do so as well. Since the request for the file went straight to my web root, Sentinel did not see it, and therefore did not perma block the IP. I found the attack browsing my error logs.

Again, please add T34mH4k Cr3w to your harvester list.

- Keith

_________________
PHP - Breaking your legacy scripts one build at a time. 
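The request described in the post above never reached the PHP application, so it is visible only in the web server's logs. The following is an added example, not part of the original post and not NukeSentinel code: it scans access log lines for the reported agent string and for 404 responses on xmlrpc.php. The Apache combined log format, the sample lines and the IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Agent substrings to flag; the entry is the string reported in the post above.
HARVESTER_AGENTS = ["T34mH4k Cr3w"]
# The post describes a request for xmlrpc.php at a path where the file does
# not exist, so a 404 on that file name is treated as the signal.
PROBE_PATHS = re.compile(r"/xmlrpc\.php(?:$|\?)", re.IGNORECASE)

# Apache "combined" log format (assumed; adjust to the server's LogFormat).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Nov/2010:17:40:12 -0600] "POST /xmlrpc.php HTTP/1.1" 404 209 "-" "T34mH4k Cr3w"
198.51.100.23 - - [05/Nov/2010:17:41:02 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [05/Nov/2010:17:42:30 -0600] "GET /xmlrpc.php?rsd HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [05/Nov/2010:17:43:00 -0600] "GET /modules.php?name=Forums HTTP/1.1" 200 900 "-" "t34mh4k cr3w"
"""

def scan(log_text, agents=HARVESTER_AGENTS):
    """Return {ip: sorted list of reasons} for lines that look like probes."""
    needles = [a.lower() for a in agents]
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        agent = m["agent"].lower()
        # Case-insensitive substring match against the agent list.
        if any(n in agent for n in needles):
            hits[m["ip"]].add("listed-agent")
        # Request for xmlrpc.php that the server answered with 404.
        if PROBE_PATHS.search(m["path"]) and m["status"] == "404":
            hits[m["ip"]].add("xmlrpc-404")
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in sorted(scan(SAMPLE_LOG).items()):
        print(ip, ",".join(reasons))
```

The second flagged address in the sample uses an ordinary browser agent, which shows why the 404 check is kept separate from the agent list.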
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sat Nov 06, 2010 4:37 pm

A popular blogging platform has the file in that location, which was exploitable at one time - script kiddies, you got to love 'em :)
 
All times are GMT - 6 Hours
 