FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » What is this attack trying to do?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: What is this attack trying to do? [message #178311 is a reply to message #178307] Wed, 30 May 2012 21:27 Go to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Robert Heller wrote:
> At Wed, 30 May 2012 15:28:33 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> Robert Heller wrote:
>>> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>>
>>>> Captain Paralytic wrote:
>>>> > On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>>> > wrote:
>>>> >> Denis McMahon wrote:
>>>> >>> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >>>> There is probably some websoftware out there with a mycode.php
>>>> >>> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> >>> Whether this is the target of the attack or not I have no idea.
>>>> >> no, because mnycode.php was just and example not what the attack
>>>> >> actually called.
>>>> > And how were we supposed to know that?
>>>> I didn't think it was relevant. It was calling a random php script that
>>>> takes parameters.
>>> I suspect that the cracker botnet 'spiders' web sites looking for links
>>> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
>>> 'attack' URLs based on these URLs, but with crafted parameters that
>>> probe for security holes or perform SQL Injections. The actual PHP
>>> scripts being called are not partitularly relevant. There might be
>>> some well known PHP scripts or common script elements that have
>>> possible security issues that people are 'recycling' in custom PHP
>>> scripts and these crackers are looking for these scripts with their
>>> botnet 'spiders' and are using a 'brute force' type of attack.
>>>
>>>
>> I think that is probably the case.
>>
>> "well known PHP scripts or common script elements that have
>> possible security issues that people are 'recycling'"
>>
>> One good reason to roll your own. There may be bugs and security holes
>> but they aren't *well known* bugs and security holes.
>
> And one should *allways* bulletprof the code. ALLWAYS sanitize parameters.
> Prefer $_POST[] over $_GET[] where possible or sensible. Check the
> referer where that makes sense. And so on.
>
yeah right. As in the case I cited where the ONLY thing it does is
select from one of 47 possible news items.

You can do a huge amount of damage to a script like that.

>>
>>
>


--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How best to print an array to table?
Next Topic: CFP - DEIS2012 - Czech Republic - SDIWC
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 00:10:48 GMT 2024

Total time taken to generate the page: 0.04001 seconds