|
Scripts Hackers Attempt to Inject |
|
Sunday, 10 June 2007 |
I have had lots of code injection attempts as of late, and none have been successful. What the people behind these attacks are doing fit into two categories:
1. They are hacking sites just to display a "hacked by" page, to get more cred among the hacker community
2. They are using these injection scripts to run shell scripts to control the server which is then used for DoS, as well as other nefarious activities.
How do "they" find potentially vulnerable sites? They use a list of strings to search for in Google, and I happen to have it. Get it here, and block all of these URLs (or those that apply to your CMS) in your .htaccess file, or by some other means.
I have gone through my server logs, and posted my Joomla URLs that people attempt to inject code into, with the hope that people will block them in .htaccess to prevent security issues. Also, I highly suggest you make sure the PHP fopen() function is disabled in your php.ini, to prevent remote files from being opened by your server.
Alongside these URLs, I have grabbed copies of all of the scripts these hackers are using, most of which are hosted on hacked sites. In the downloads area, you will find a zipped pack of these scripts, which also has places they are hosted. I hope that someone more skilled in security and PHP can use these for the benefit of webmasters like myself.
One More Example
|
