FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » What is this attack trying to do?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: What is this attack trying to do? [message #178304 is a reply to message #178302] Wed, 30 May 2012 14:06 Go to previous messageGo to previous message
Robert Heller is currently offline  Robert Heller
Messages: 60
Registered: December 2010
Karma:
Member
At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:

>
> Captain Paralytic wrote:
>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>> wrote:
>>> Denis McMahon wrote:
>>>> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> > There is probably some websoftware out there with a mycode.php
>>>> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> Whether this is the target of the attack or not I have no idea.
>>> no, because mnycode.php was just and example not what the attack
>>> actually called.
>> And how were we supposed to know that?
>
> I didn't think it was relevant. It was calling a random php script that
> takes parameters.

I suspect that the cracker botnet 'spiders' web sites looking for links
with URLs that match the RegEx pattern '.*\.php\?.*' and then create
'attack' URLs based on these URLs, but with crafted parameters that
probe for security holes or perform SQL Injections. The actual PHP
scripts being called are not partitularly relevant. There might be
some well known PHP scripts or common script elements that have
possible security issues that people are 'recycling' in custom PHP
scripts and these crackers are looking for these scripts with their
botnet 'spiders' and are using a 'brute force' type of attack.


>
>

--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How best to print an array to table?
Next Topic: CFP - DEIS2012 - Czech Republic - SDIWC
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 00:19:48 GMT 2024

Total time taken to generate the page: 0.07514 seconds