FUDforum: comp.lang.php » What is this attack trying to do?

Home » Imported messages » comp.lang.php » What is this attack trying to do?

Show: Today's Messages :: Polls :: Message Navigator

Re: What is this attack trying to do? [message #178305 is a reply to message #178304]

Wed, 30 May 2012 14:28

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma:

Senior Member

Robert Heller wrote:
> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> Captain Paralytic wrote:
>>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>> wrote:
>>>> Denis McMahon wrote:
>>>> > On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >> There is probably some websoftware out there with a mycode.php
>>>> > A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> > Whether this is the target of the attack or not I have no idea.
>>>> no, because mnycode.php was just and example not what the attack
>>>> actually called.
>>> And how were we supposed to know that?
>> I didn't think it was relevant. It was calling a random php script that
>> takes parameters.
>
> I suspect that the cracker botnet 'spiders' web sites looking for links
> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
> 'attack' URLs based on these URLs, but with crafted parameters that
> probe for security holes or perform SQL Injections. The actual PHP
> scripts being called are not partitularly relevant. There might be
> some well known PHP scripts or common script elements that have
> possible security issues that people are 'recycling' in custom PHP
> scripts and these crackers are looking for these scripts with their
> botnet 'spiders' and are using a 'brute force' type of attack.
>
>
I think that is probably the case.

"well known PHP scripts or common script elements that have
possible security issues that people are 'recycling'"

One good reason to roll your own. There may be bugs and security holes
but they aren't *well known* bugs and security holes.

>>
>

--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.

Report message to a moderator

[Message index]

		What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 02:22
		Re: What is this attack trying to do? By: Robert Heller on Thu, 24 May 2012 03:28
		Re: What is this attack trying to do? By: Thomas 'PointedEars' on Thu, 24 May 2012 11:34
		Re: What is this attack trying to do? By: Denis McMahon on Thu, 24 May 2012 14:40
		Re: What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 21:50
		Re: What is this attack trying to do? By: Captain Paralytic on Wed, 30 May 2012 11:46
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 12:20
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 14:06
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 14:28
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 17:30
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 21:27

Previous Topic:	How best to print an array to table?
Next Topic:	CFP - DEIS2012 - Czech Republic - SDIWC

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon Jul 08 16:21:59 GMT 2024

Total time taken to generate the page: 0.03893 seconds