I noticed this strange url string when looking at stats on one of my Wordpress-based websites today. Is there an explanation other than a hack attempt for this strange entry? I can imagine some sleazy Russian spammer would like to embed what 'he thinks' would be hard to remove adverts in my code. It seems strange the domain from which this url originated is amazon, but I know Amazon will sell hosting to just about anyone other than wikileaks. I have already blocked the full range of this IP address. Any opinions would be appreciated. Best regards, P
Off course it was an hack attempt! This is also know as Directory traversal, you can read more about this type of exploits here:: en.wikipedia.org/wiki/Directory_traversal
Thanks to everyone for their input. I've experienced attempts to hack my vBulletin's via php injection, but never this 'directory reversal' thing on a wordpress-based site. I'll be keeping a closer eye on stats. I'm not sure if I'll bother contacting Amazon, but I have blocked their full range of IP addresses. Thanks again, P
I just installed 'askapache password protect' and 'login-Lockdown'. If you have any other suggestions I'd appreciate them. I am often hesitant to install 3rd party plugin scripts as these days they seem, more often than not, spyware themselves. P
Since I do not lease my server or do any business with Amazon or any of its affiliates, I can't imagine why Amazon would be performing a security scan on my websites. I have blocked Amazon and it's Amazonaws scraper/crawler at the root directory of all my sites. P
How did you work that out? LOL Browses back through directories (dir trevesal)> get passwd file > extract hashes/salts > crack password. (after login>install rootkit)