
Textpattern CMS support forum


#1 2006-09-15 13:30:04

jagorny
Member
From: Portland, OR
Registered: 2006-08-24
Posts: 39
Website

Hacking attempts?

Hi folks…

I have a few questions that I am concerned about…

Looking at the logs, I am seeing a number of consistent attempts of knowledgeable folks picking through my pages using GET strings, like the following:

adding ?larch=1&

This produces a partial page load which includes an unstyled section of the page.

adding ?js=(name a plugin)

This actually gives up the javascript for the named module. This seems like a real potential problem.

Is there some setting that I have missed which may prevent this kind of ‘curious’ manipulation?

Thanks!

~Jacob

Offline

#2 2006-09-15 18:37:00

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: Hacking attempts?

First of all:

http://textpattern.com/faq/177/did-someone-hack-my-site

jagorny wrote:

adding ?larch=1& This produces a partial page load which includes an unstyled section of the page.

It has no effect on a default textpattern install. It looks like one of the plugins you are using is responsible.

adding ?js=(name a plugin) This actually gives up the javascript for the named module. This seems like a real potential problem.

No, it seems like it’s doing what it should. Javascript is meant to be served to a browser. Plugins can serve arbitrary content to browsers via such urls. Why should it be a concern if a browser can request javascript and textpattern serves it? I suggest you make yourself familiar with the plugins you are using…

Is there some setting that I have missed which may prevent this kind of ‘curious’ manipulation?

It doesn’t look like anything is being manipulated. Of course, we can’t tell for sure, because you neither gave a link to your site, nor gave any details about the plugins’ names.

Offline

#3 2006-09-15 21:39:05

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Hacking attempts?

I know that at least one of my plugins would output JavaScript from a url like that, but it’s “safe”, there’s not any way for them to somehow make this a vulnerability.

Offline

#4 2006-09-15 22:09:54

zem
Developer Emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579

Re: Hacking attempts?

Just adding to what’s above:

All of the behaviour you’re seeing is caused by plugins, not Textpattern itself. If you have concerns, you should address them to the plugin’s author.

Several popular plugins use URLs similar to those to serve up javascript or other content. In all the cases I’ve seen, these appear to work safely – they can’t be used to leak arbitrary files or data.

And finally, the entries in the log aren’t necessarily deliberate manipulation. It’s probably just normal behaviour, browsers requesting those URLs in response to XHTML generated by the plugin.


Alex

Offline
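
One way to check the point made in the post above against an access log, as an added example that is not part of any post in this thread: it separates `?js=` and `?larch=` requests that arrive with a same-site referer (a browser fetching what the page markup asked for) from those that deserve a look. The Apache "combined" log format, the host `example.org`, the plugin-name pattern and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Sep/2006:13:01:02 -0700] "GET /?js=abc_plugin HTTP/1.1" 200 5120 "http://example.org/articles/1" "Mozilla/5.0"
203.0.113.5 - - [15/Sep/2006:13:01:03 -0700] "GET /?larch=1& HTTP/1.1" 200 2048 "http://example.org/archive" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2006:13:05:10 -0700] "GET /?js=abc_plugin HTTP/1.1" 200 5120 "-" "curl/7.15"
198.51.100.7 - - [15/Sep/2006:13:05:11 -0700] "GET /?js=abc/plugin HTTP/1.1" 404 312 "-" "curl/7.15"
203.0.113.5 - - [15/Sep/2006:13:06:00 -0700] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$')
WATCHED = ("js", "larch")        # the two parameters named in the thread
NAME_OK = re.compile(r"^\w+$")   # assumption: plugin names are word characters only

def classify(line, site_host):
    """Return (ip, param, value, verdict) for a watched request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, _method, target, _status, referer, _agent = m.groups()
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    hit = next((p for p in WATCHED if p in query), None)
    if hit is None:
        return None
    value = query[hit][0]
    if hit == "js" and not NAME_OK.match(value):
        verdict = "review: value is not a plain plugin name"
    elif urlsplit(referer).hostname == site_host:
        verdict = "expected: fetched from a page on this site"
    else:
        verdict = "review: no same-site referer"
    return ip, hit, value, verdict

def triage(log_text, site_host):
    """Classify every watched request and count verdicts by their leading label."""
    rows = [r for r in (classify(l, site_host) for l in log_text.splitlines()) if r]
    return rows, Counter(r[3].split(":")[0] for r in rows)

if __name__ == "__main__":
    rows, totals = triage(SAMPLE_LOG, "example.org")
    for row in rows:
        print(*row, sep="  ")
    print(dict(totals))
```

The referer header is supplied by the client, so a "review" verdict is a prompt to look at which plugin handles the parameter, not evidence of an attack, and an "expected" verdict is not proof of a browser.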

#5 2006-09-23 19:35:03

jagorny
Member
From: Portland, OR
Registered: 2006-08-24
Posts: 39
Website

Re: Hacking attempts?

@Sencer – Thanks I read that post early on and had not committed it to memory – one of the reasons I switched to txp in the first place.

@zem, mary – thanks, you answered my question regarding whether this behavior was typical of textpattern or was related to plug-in operation.

Offline
