Re: What is this attack trying to do? [message #178304 is a reply to message #178302] Wed, 30 May 2012 14:06
Robert Heller
At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:

>
> Captain Paralytic wrote:
>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>> wrote:
>>> Denis McMahon wrote:
>>>> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> > There is probably some websoftware out there with a mycode.php
>>>> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> Whether this is the target of the attack or not I have no idea.
>>> no, because mycode.php was just an example not what the attack
>>> actually called.
>> And how were we supposed to know that?
>
> I didn't think it was relevant. It was calling a random php script that
> takes parameters.

I suspect that the cracker botnet 'spiders' web sites looking for links
with URLs that match the RegEx pattern '.*\.php\?.*' and then creates
'attack' URLs based on these URLs, but with crafted parameters that
probe for security holes or perform SQL Injections. The actual PHP
scripts being called are not particularly relevant. There might be
some well known PHP scripts or common script elements that have
possible security issues that people are 'recycling' in custom PHP
scripts and these crackers are looking for these scripts with their
botnet 'spiders' and are using a 'brute force' type of attack.



--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
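
The behaviour suspected in the post above can be checked from the server side. This is an added example, not part of the original post: it scans access-log lines for requests matching the '.*\.php\?.*' shape whose parameter values carry SQL-injection markers, and reports clients that do this against more than one script. The combined log format, the marker list, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# The post's pattern '.*\.php\?.*', written as an equivalent search pattern.
PHP_WITH_QUERY = re.compile(r"\.php\?")

# Constructed, deliberately small set of SQL-injection markers (assumption).
PROBE = re.compile(r"(?i)union\s+select|\bor\s+1\s*=\s*1|'|--")

# Client address and request target from a combined-format log line (assumed format).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def suspicious_params(target):
    """Return names of query parameters whose decoded value matches PROBE."""
    if not PHP_WITH_QUERY.search(target):
        return []
    query = urlsplit(target).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True) if PROBE.search(v)]

def scan(lines, min_scripts=2):
    """Map client -> scripts probed, keeping clients that probed >= min_scripts.

    One odd value on one script is often a legitimate apostrophe; the same
    client doing it across unrelated scripts fits the spidering described.
    """
    hits = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        if suspicious_params(target):
            hits[client].add(urlsplit(target).path)
    return {c: s for c, s in hits.items() if len(s) >= min_scripts}

# Constructed sample log lines (documentation addresses, made-up script names).
SAMPLE = [
    '203.0.113.7 - - [30/May/2012:14:00:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/May/2012:14:00:02 +0000] "GET /news.php?id=5%27%20OR%201=1-- HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/May/2012:14:00:03 +0000] "GET /cart.php?item=1%20UNION%20SELECT%20null HTTP/1.1" 500 0',
    '198.51.100.9 - - [30/May/2012:14:01:00 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 900',
    '198.51.100.9 - - [30/May/2012:14:01:05 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, scripts in scan(SAMPLE).items():
        print(client, sorted(scripts))
```

A report like this only shows who is probing; whether a probe can succeed depends on each script handling its parameters safely, for example with parameterized queries.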