FUDforum: comp.lang.php » What is this attack trying to do?

Home » Imported messages » comp.lang.php » What is this attack trying to do?

Show: Today's Messages :: Polls :: Message Navigator

Re: What is this attack trying to do? [message #178307 is a reply to message #178305]

Wed, 30 May 2012 17:30

Robert Heller
Messages: 60
Registered: December 2010

Karma:

Member

At Wed, 30 May 2012 15:28:33 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:

>
> Robert Heller wrote:
>> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>
>>> Captain Paralytic wrote:
>>>> On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>>> wrote:
>>>> > Denis McMahon wrote:
>>>> >> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >>> There is probably some websoftware out there with a mycode.php
>>>> >> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> >> Whether this is the target of the attack or not I have no idea.
>>>> > no, because mnycode.php was just and example not what the attack
>>>> > actually called.
>>>> And how were we supposed to know that?
>>> I didn't think it was relevant. It was calling a random php script that
>>> takes parameters.
>>
>> I suspect that the cracker botnet 'spiders' web sites looking for links
>> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
>> 'attack' URLs based on these URLs, but with crafted parameters that
>> probe for security holes or perform SQL Injections. The actual PHP
>> scripts being called are not partitularly relevant. There might be
>> some well known PHP scripts or common script elements that have
>> possible security issues that people are 'recycling' in custom PHP
>> scripts and these crackers are looking for these scripts with their
>> botnet 'spiders' and are using a 'brute force' type of attack.
>>
>>
> I think that is probably the case.
>
> "well known PHP scripts or common script elements that have
> possible security issues that people are 'recycling'"
>
> One good reason to roll your own. There may be bugs and security holes
> but they aren't *well known* bugs and security holes.

And one should *allways* bulletprof the code. ALLWAYS sanitize parameters.
Prefer $_POST[] over $_GET[] where possible or sensible. Check the
referer where that makes sense. And so on.

>
>
>>>
>>
>
>

--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments

Report message to a moderator

[Message index]

		What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 02:22
		Re: What is this attack trying to do? By: Robert Heller on Thu, 24 May 2012 03:28
		Re: What is this attack trying to do? By: Thomas 'PointedEars' on Thu, 24 May 2012 11:34
		Re: What is this attack trying to do? By: Denis McMahon on Thu, 24 May 2012 14:40
		Re: What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 21:50
		Re: What is this attack trying to do? By: Captain Paralytic on Wed, 30 May 2012 11:46
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 12:20
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 14:06
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 14:28
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 17:30
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 21:27

Previous Topic:	How best to print an array to table?
Next Topic:	CFP - DEIS2012 - Czech Republic - SDIWC

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Jul 05 15:37:36 GMT 2024

Total time taken to generate the page: 0.05383 seconds