Re: evil script in server logs (Heads Up)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/5/07, Paul Scott <pscott@xxxxxxxxx> wrote:
>
> On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
> >     Yeah, honestly I wasn't sure if it was an injection attack or if
> > those URLs were referrers in the logs.
>
> OK sorry if I wasn't 100% clear here, but the logs showed up something
> like:
>
> http://fsiu.uwc.ac.za/index.php?module=http://www.goodasgold.com/nav
>
> So basically it was an XSS attempt, but because our MVC security is
> decent, it is just more of an annoyance than anything else (it screws up
> my stats man!)
>
> What I was trying to say is that *if* you didn't know about this one
> before, now you do. They are hitting all of our sites at a rate of
> knots, so are probably doing the same elsewhere.
>
> --Paul
>
>
> All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
>
>

    Sounds like a Joomla exploit attempt.  Either way, thanks for the
heads-up, Paul.

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day.  Then you'll find out he was
allergic and is hospitalized.  See?  No good deed goes unpunished....

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux