+ Reply to Thread
Results 1 to 1 of 1

Thread: Tell me what to do

  1. 03-06-2008 12:54 PM #1
    galaxyAbstractor's Avatar
    galaxyAbstractor
    galaxyAbstractor is offline     Community Advocate galaxyAbstractor is on a distinguished road
    Send a message via AIM to galaxyAbstractor Send a message via MSN to galaxyAbstractor
    Join Date
    Oct 2007
    Location
    Land of Null and Insanity
    Posts
    5,495

    Tell me what to do

    HTTP_GET: HTTP in GET param, possible allow_url_fopen attack

    Server Data:
    PATH /usr/local/bin:/usr/bin:/bin
    REDIRECT_HANDLER application/x-httpd-phpv2
    REDIRECT_STATUS 200
    HTTP_HOST www.jagf.net
    HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    HTTP_ACCEPT_LANGUAGE en-us
    HTTP_UA_CPU x86
    HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
    HTTP_CONNECTION Close
    SERVER_SIGNATURE <address>Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.jagf.net Port 80</address>

    SERVER_SOFTWARE Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    SERVER_NAME www.jagf.net
    SERVER_ADDR **.**.***.***
    SERVER_PORT 80
    REMOTE_ADDR ***.***.**.**
    DOCUMENT_ROOT /home/viggeswe/public_html
    SERVER_ADMIN webmaster@viggeswe.jagf.pcriot.com
    SCRIPT_FILENAME /home/viggeswe/public_html/search.php
    REMOTE_PORT 44967
    REDIRECT_QUERY_STRING st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fw ww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSi lver%2Fimages%2Fuza%2Flaqipu%2F
    REDIRECT_URL /search.php
    GATEWAY_INTERFACE CGI/1.1
    SERVER_PROTOCOL HTTP/1.0
    REQUEST_METHOD GET
    QUERY_STRING st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fw ww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSi lver%2Fimages%2Fuza%2Flaqipu%2F
    REQUEST_URI /search.php?st=0&amp;sk=t&amp;sd=d&amp;keywords=htt p%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftempla tes%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
    SCRIPT_NAME /search.php
    ORIG_SCRIPT_FILENAME /usr/local/cpanel/cgi-sys/php-cgiv2
    ORIG_PATH_INFO /search.php
    ORIG_PATH_TRANSLATED /home/viggeswe/public_html/search.php
    ORIG_SCRIPT_NAME /cgi-sys/php-cgiv2
    PHP_SELF /search.php
    REQUEST_TIME 1204570400
    argv Array
    argc 1
    Does that look like a hacking attempt or is it something else that is normal?

    This happens on most files in phpBB like search.php , portal.php , viewforum.php , viewtopic.php and posting.php. For me it seems like spamming attempts. Look at the query string:
    st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fw ww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSi lver%2Fimages%2Fuza%2Flaqipu%2F
    see that URL some1 put there? So is it on every single attempt.
    Last edited by galaxyAbstractor; 03-06-2008 at 12:58 PM.
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

x10hosting free hosting for the masses
dedicated servers