Posted by Daniel Ennis on 01/25/08 12:01
Marnok.com wrote:
> I've had some odd activity on one of my sites.
>
> This site tracks links to external sites. If I want to send a visitor to
> http::qwerty.com/abcd it would link to go_qwerty.php?page=abcd
>
> The go_qwerty.php then $_GET[page], records the page/datetime into a log
> file and then location: to the desired page.
>
> Person or persons unknown keep calling the go_qwerty.php and putting full
> URLs as the ?page reference. These pages are from a variety of sites but
> always refer to an identical looking page:
>
> <?php echo md5("just_a_test");?> displays on page when I visit these URLs.
> When I test by putting the suspicious URLs in as
> ?page=suspicious_url.com/blah it does nothing (tries to location: to
> qwerty.com/suspicious_url.com/blah)
>
> Example of a suspicious link:
> http://www.nedkellypub.it/concerti/dati/olukev/orawo/
>
> Now I can't see how this benefits them, am I missing something? Have I
> created some possible way for hackers to achieve something? Is the displayed
> code just a cover for some actual php going on behind the scenes?
>
>
That specific one is someone TRYING to hack you, testing if your code is
vulnerable to RFI. He was trying to run PHP code on your server, but
obviously the way you coded it, it wasn't vulnerable to that type of
attack. He was just testing your code.
You could file a report with his host/ISP of hacking attempts.
--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net
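
An added example, not part of either post: a hardened sketch of a go_qwerty.php-style redirect logger that accepts only relative slugs, records rejected values (such as the full URLs described above) in a separate log, and never passes the parameter to include/require. The log paths, the slug pattern and the helper names are assumptions, and the logs/ directory is assumed to exist and be writable.

```php
<?php
// Added example: hardened sketch of a go_qwerty.php-style redirect logger.
// Assumed (not from the post): log paths, the slug pattern, the helper names.

const TARGET_BASE = 'http://qwerty.com/';          // fixed prefix, never taken from input
const CLICK_LOG   = __DIR__ . '/logs/clicks.log';  // hypothetical path
const PROBE_LOG   = __DIR__ . '/logs/probes.log';  // hypothetical path

// Accept only short relative slugs such as "abcd" or "news/2008".
// No scheme, no dots, no "..", so a full URL can never match.
function is_valid_slug(string $page): bool
{
    return strlen($page) <= 128
        && preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*$#D', $page) === 1;
}

// Strip control characters so a request cannot forge extra log lines.
function log_line(string $file, string $value): void
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    $ip    = $_SERVER['REMOTE_ADDR'] ?? '-';
    file_put_contents($file, date('c') . "\t$ip\t$clean\n", FILE_APPEND | LOCK_EX);
}

$page = $_GET['page'] ?? '';

if (!is_string($page) || !is_valid_slug($page)) {
    // Full URLs, "../", empty values and arrays (?page[]=x) all end up here.
    log_line(PROBE_LOG, is_string($page) ? substr($page, 0, 512) : '[non-string]');
    http_response_code(400);
    exit('Bad request');
}

log_line(CLICK_LOG, $page);

// The value only ever reaches a Location header behind a fixed prefix.
// It is never passed to include/require, which is what an RFI probe looks for.
header('Location: ' . TARGET_BASE . $page, true, 302);
exit;
```

Entries in the probe log give the timestamps, source addresses and requested values needed for an abuse report to the host or ISP.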