Tell me what to do

G

galaxyAbstractor

Community Advocate
Community Support
Messages
5,508
Reaction score
35
Points
48
HTTP_GET: HTTP in GET param, possible allow_url_fopen attack

Server Data:
PATH /usr/local/bin:/usr/bin:/bin
REDIRECT_HANDLER application/x-httpd-phpv2
REDIRECT_STATUS 200
HTTP_HOST www.jagf.net
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
HTTP_ACCEPT_LANGUAGE en-us
HTTP_UA_CPU x86
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
HTTP_CONNECTION Close
SERVER_SIGNATURE <address>Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.jagf.net Port 80</address>

SERVER_SOFTWARE Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
SERVER_NAME www.jagf.net
SERVER_ADDR **.**.***.***
SERVER_PORT 80
REMOTE_ADDR ***.***.**.**
DOCUMENT_ROOT /home/viggeswe/public_html
SERVER_ADMIN webmaster@viggeswe.jagf.pcriot.com
SCRIPT_FILENAME /home/viggeswe/public_html/search.php
REMOTE_PORT 44967
REDIRECT_QUERY_STRING st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
REDIRECT_URL /search.php
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
REQUEST_URI /search.php?st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
SCRIPT_NAME /search.php
ORIG_SCRIPT_FILENAME /usr/local/cpanel/cgi-sys/php-cgiv2
ORIG_PATH_INFO /search.php
ORIG_PATH_TRANSLATED /home/viggeswe/public_html/search.php
ORIG_SCRIPT_NAME /cgi-sys/php-cgiv2
PHP_SELF /search.php
REQUEST_TIME 1204570400
argv Array
argc 1
Click to expand...

Does that look like a hacking attempt or is it something else that is normal?

This happens on most files in phpBB like search.php , portal.php , viewforum.php , viewtopic.php and posting.php. For me it seems like spamming attempts. Look at the query string:
st=0&amp;sk=t&amp;sd=d&amp;keywords=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Fuza%2Flaqipu%2F
Click to expand...

see that URL some1 put there? So is it on every single attempt.
 
Last edited:
You must log in or register to reply here.
Top