FUDforum: comp.lang.php » What is this attack trying to do?

Home » Imported messages » comp.lang.php » What is this attack trying to do?

Show: Today's Messages :: Polls :: Message Navigator

Re: What is this attack trying to do? [message #178311 is a reply to message #178307]

Wed, 30 May 2012 21:27

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma:

Senior Member

Robert Heller wrote:
> At Wed, 30 May 2012 15:28:33 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>
>> Robert Heller wrote:
>>> At Wed, 30 May 2012 13:20:10 +0100 The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>>
>>>> Captain Paralytic wrote:
>>>> > On May 24, 10:50 pm, The Natural Philosopher <t...@invalid.invalid>
>>>> > wrote:
>>>> >> Denis McMahon wrote:
>>>> >>> On Wed, 23 May 2012 22:28:33 -0500, Robert Heller wrote:
>>>> >>>> There is probably some websoftware out there with a mycode.php
>>>> >>> A quick google suggests that some forum code (myBB) has a mycode.php.
>>>> >>> Whether this is the target of the attack or not I have no idea.
>>>> >> no, because mnycode.php was just and example not what the attack
>>>> >> actually called.
>>>> > And how were we supposed to know that?
>>>> I didn't think it was relevant. It was calling a random php script that
>>>> takes parameters.
>>> I suspect that the cracker botnet 'spiders' web sites looking for links
>>> with URLs that match the RegEx pattern '.*\.php\?.*' and then create
>>> 'attack' URLs based on these URLs, but with crafted parameters that
>>> probe for security holes or perform SQL Injections. The actual PHP
>>> scripts being called are not partitularly relevant. There might be
>>> some well known PHP scripts or common script elements that have
>>> possible security issues that people are 'recycling' in custom PHP
>>> scripts and these crackers are looking for these scripts with their
>>> botnet 'spiders' and are using a 'brute force' type of attack.
>>>
>>>
>> I think that is probably the case.
>>
>> "well known PHP scripts or common script elements that have
>> possible security issues that people are 'recycling'"
>>
>> One good reason to roll your own. There may be bugs and security holes
>> but they aren't *well known* bugs and security holes.
>
> And one should *allways* bulletprof the code. ALLWAYS sanitize parameters.
> Prefer $_POST[] over $_GET[] where possible or sensible. Check the
> referer where that makes sense. And so on.
>
yeah right. As in the case I cited where the ONLY thing it does is
select from one of 47 possible news items.

You can do a huge amount of damage to a script like that.

>>
>>
>

--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.

Report message to a moderator

[Message index]

		What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 02:22
		Re: What is this attack trying to do? By: Robert Heller on Thu, 24 May 2012 03:28
		Re: What is this attack trying to do? By: Thomas 'PointedEars' on Thu, 24 May 2012 11:34
		Re: What is this attack trying to do? By: Denis McMahon on Thu, 24 May 2012 14:40
		Re: What is this attack trying to do? By: The Natural Philosoph on Thu, 24 May 2012 21:50
		Re: What is this attack trying to do? By: Captain Paralytic on Wed, 30 May 2012 11:46
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 12:20
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 14:06
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 14:28
		Re: What is this attack trying to do? By: Robert Heller on Wed, 30 May 2012 17:30
		Re: What is this attack trying to do? By: The Natural Philosoph on Wed, 30 May 2012 21:27

Previous Topic:	How best to print an array to table?
Next Topic:	CFP - DEIS2012 - Czech Republic - SDIWC

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 02:32:07 GMT 2024

Total time taken to generate the page: 0.05185 seconds