FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » What is this attack trying to do?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: What is this attack trying to do? [message #178307 is a reply to message #178305] Wed, 30 May 2012 17:30 Go to previous messageGo to previous message
Robert Heller is currently offline  Robert Heller
Messages: 60
Registered: December 2010
Karma:
Member
At Wed, 30 May 2012 15:28:33 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:

>
> Robert Heller wrote:
>> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>
>>> Captain Paralytic wrote:
>>>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>>> wrote:
>>>> > Denis McMahon wrote:
>>>> >> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >>> There is probably some websoftware out there with a mycode.php
>>>> >> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> >> Whether this is the target of the attack or not I have no idea.
>>>> > no, because mnycode.php was just and example not what the attack
>>>> > actually called.
>>>> And how were we supposed to know that?
>>> I didn't think it was relevant. It was calling a random php script that
>>> takes parameters.
>>
>> I suspect that the cracker botnet 'spiders' web sites looking for links
>> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
>> 'attack' URLs based on these URLs, but with crafted parameters that
>> probe for security holes or perform SQL Injections. The actual PHP
>> scripts being called are not partitularly relevant. There might be
>> some well known PHP scripts or common script elements that have
>> possible security issues that people are 'recycling' in custom PHP
>> scripts and these crackers are looking for these scripts with their
>> botnet 'spiders' and are using a 'brute force' type of attack.
>>
>>
> I think that is probably the case.
>
> "well known PHP scripts or common script elements that have
> possible security issues that people are 'recycling'"
>
> One good reason to roll your own. There may be bugs and security holes
> but they aren't *well known* bugs and security holes.

And one should *allways* bulletprof the code. ALLWAYS sanitize parameters.
Prefer $_POST[] over $_GET[] where possible or sensible. Check the
referer where that makes sense. And so on.

>
>
>>>
>>
>
>

--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How best to print an array to table?
Next Topic: CFP - DEIS2012 - Czech Republic - SDIWC
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 06:42:34 GMT 2024

Total time taken to generate the page: 0.03969 seconds