Website Exploits
Bob Elzer
bob.elzer at gmail.com
Wed Dec 3 16:49:41 MST 2008
Someone is trying to see if they can use your website as a proxy.
Most likely the site that it is coming from has been compromised itself, so
reporting may or may not get a response.
In Apache you should turn off proxys so the bad guys can't hide their IP's
by using you as an in between.
But turning off proxys isn't enough, if a php application is written poorly,
they might be able to use the php code to do the proxying for them.
So most likely some BOT was scanning your system, hoping to find that poorly
built php app.
Since you are probably reading about it in an error list, then you seem to
be safe.
If you are getting more than your fair share of these attempts from the same
address, I would add their address to a blacklist in IPtables.
_____
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of keith
smith
Sent: Wednesday, December 03, 2008 3:40 PM
To: plug-discuss at lists.plug.phoenix.az.us
Subject: OT: Website Exploits
Hi,
I am working on a website that gets a lot of exploit attempts.
They mostly look like this:
/index.php?display=http://humano.ya.com/mysons/index.htm?
Our code is set to disregard any value that is not expected.
I'm wondering if there is a clearing house for reporting this type of stuff.
I have the IP address as reported.... if that is accurate.
Thanks in advance!
Keith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081203/a093714f/attachment.htm
More information about the PLUG-discuss
mailing list