PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sun Sep 15, 2019 3:36 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Wed Feb 20, 2013 8:04 pm 
Offline
Forum Newbie

Joined: Wed Feb 20, 2013 8:01 pm
Posts: 2


Top
 Profile  
 
PostPosted: Wed Feb 20, 2013 8:17 pm 
Offline
Site Administrator
User avatar

Joined: Sun May 19, 2002 10:24 pm
Posts: 6887
Sure, but those files don't exist so in this case a 404 error was sent.

_________________
Image


Top
 Profile  
 
PostPosted: Wed Feb 20, 2013 8:22 pm 
Offline
Forum Newbie

Joined: Wed Feb 20, 2013 8:01 pm
Posts: 2
Thanks... I'll bear that in mind the next time I see something like those entries.


Top
 Profile  
 
PostPosted: Wed Feb 20, 2013 9:12 pm 
Offline
Spammer :|
User avatar

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
Google. First one is tied to a remote command execution exploit in a spam filtering product, second is apparently scanned by the Morfeus bot and "often associated with Drupal".


Top
 Profile  
 
PostPosted: Thu Feb 21, 2013 8:46 pm 
Offline
Forum Contributor
User avatar

Joined: Wed Apr 14, 2010 4:45 pm
Posts: 375
Location: UK
Hi,

If you're using a Un*x server then it would be a good idea to install logwatch or something similar if you have the necessary privileges and want to keep an eye on what's going on - in most cases these HTTP requests will just give 404 responses (as requinix has suggested) because some script kiddie is running them and doesn't understand that the exploits included in a five year old Perl script they found on the 'Net yesterday might not work in 2013. If it becomes a *real* problem then you can always create some iptables rules - I was getting hundreds of "/w00tw00t"-style requests every day at one point so I added a rule that does nothing for 60 seconds and then drops the request. Remember, you can't stop people from trying to access your server but you can at least slow them down and make life difficult for them.

You should also make sure that any 3rd party applications you're currently running are up-to-date, because automated exploits can still be effective in this context - there are thousands of sites out there that run ancient versions of Joomla!/osCommerce/Actinic because the site owner doesn't have the money or inclination to pay a developer to update the software for them, which in itself is a fairly arduous task with some software.

If you haven't already done so and have a Un*x server, make sure you also have denyhosts installed.

That (unpaid-for) infomercial was brought to you today by logwatch, iptables and denyhosts, and also by the letters "P", "H", and "P"... :mrgreen:

HTH,

Mecha Godzilla


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group