FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » What is this attack trying to do?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: What is this attack trying to do? [message #178305 is a reply to message #178304] Wed, 30 May 2012 14:28 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Robert Heller wrote:
> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> Captain Paralytic wrote:
>>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>> wrote:
>>>> Denis McMahon wrote:
>>>> > On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >> There is probably some websoftware out there with a mycode.php
>>>> > A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> > Whether this is the target of the attack or not I have no idea.
>>>> no, because mnycode.php was just and example not what the attack
>>>> actually called.
>>> And how were we supposed to know that?
>> I didn't think it was relevant. It was calling a random php script that
>> takes parameters.
>
> I suspect that the cracker botnet 'spiders' web sites looking for links
> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
> 'attack' URLs based on these URLs, but with crafted parameters that
> probe for security holes or perform SQL Injections. The actual PHP
> scripts being called are not partitularly relevant. There might be
> some well known PHP scripts or common script elements that have
> possible security issues that people are 'recycling' in custom PHP
> scripts and these crackers are looking for these scripts with their
> botnet 'spiders' and are using a 'brute force' type of attack.
>
>
I think that is probably the case.

"well known PHP scripts or common script elements that have
possible security issues that people are 'recycling'"

One good reason to roll your own. There may be bugs and security holes
but they aren't *well known* bugs and security holes.


>>
>


--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How best to print an array to table?
Next Topic: CFP - DEIS2012 - Czech Republic - SDIWC
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 01:21:38 GMT 2024

Total time taken to generate the page: 0.07098 seconds