Is this a hack attempt?

Discussion in 'Security' started by PorterG, Mar 9, 2011.

  1. #1
    I noticed this strange URL string when looking at stats on one of my WordPress-based websites today. Is there an explanation other than a hack attempt for this strange entry? I can imagine some sleazy Russian spammer would like to embed what 'he thinks' would be hard to remove adverts in my code. It seems strange the domain from which this URL originated is Amazon, but I know Amazon will sell hosting to just about anyone other than WikiLeaks. I have already blocked the full range of this IP address. Any opinions would be appreciated.

    [​IMG]


    Best regards,

    P
     
    Last edited: Mar 9, 2011
    PorterG, Mar 9, 2011
  2. zacharooni

    #2
    This is an exploit attempt, but it looks like it was filtered and given a 404.

    zacharooni, Mar 10, 2011
  3. Natcoweb

    #3
    You could contact regarding this issue.
     
    Natcoweb, Mar 11, 2011
  4. SSC

    #4
    Of course it was a hack attempt!

    This is also known as directory traversal; you can read more about this type of exploit here:

    en.wikipedia.org/wiki/Directory_traversal

    SSC, Mar 11, 2011
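
The check described in posts #2 and #4 (spot the traversal request, then see which status the server returned for it) can be run over a whole access log. This is an added example, not part of the original thread; it assumes Apache/nginx combined log format, and the sample lines, IP addresses and paths are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A parent-directory segment (".." bounded by / or \, or starting a parameter value)
DOTDOT_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def triage(lines):
    """Return (client, status, verdict, decoded_target) for traversal-looking requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, _method, target, status = m.groups()
        decoded = fully_decode(target)
        if not DOTDOT_RE.search(decoded):
            continue
        # A 2xx means the server returned content for that path: look at it first.
        verdict = "investigate" if status.startswith("2") else "rejected"
        findings.append((client, int(status), verdict, decoded))
    return findings

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [09/Mar/2011:10:01:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [09/Mar/2011:10:01:03 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1873 "-" "-"',
    '198.51.100.4 - - [09/Mar/2011:10:02:00 +0000] "GET /2011/03/hello-world/ HTTP/1.1" 200 9041 "-" "-"',
    '198.51.100.9 - - [09/Mar/2011:10:03:00 +0000] "GET /files/report..final.pdf HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for client, status, verdict, target in triage(SAMPLE):
        print(f"{verdict:11} {status} {client} {target}")
```

A "rejected" row matches what post #2 describes; an "investigate" row only means the server answered with content, so the response body and the application code for that parameter still have to be checked.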
  5. PorterG

    #5
    Thanks to everyone for their input. I've experienced attempts to hack my vBulletins via PHP injection, but never this 'directory reversal' thing on a WordPress-based site. I'll be keeping a closer eye on stats. I'm not sure if I'll bother contacting Amazon, but I have blocked their full range of IP addresses.

    Thanks again,

    P

    PorterG, Mar 11, 2011
  6. Brandon Sheley

    #6
    I'd install a few security plugins to your WordPress install.

    Brandon Sheley, Mar 11, 2011
  7. PorterG

    #7
    I just installed 'askapache password protect' and 'login-Lockdown'. If you have any other suggestions I'd appreciate them.
    I am often hesitant to install 3rd party plugin scripts as these days they seem, more often than not, spyware themselves.

    P
     
    PorterG, Mar 11, 2011
  8. raffo77

    #8
    Maybe it is done by a vulnerability scanner like Nikto.
     
    raffo77, Mar 14, 2011
  9. PorterG

    #9
    Since I do not lease my server or do any business with Amazon or any of its affiliates, I can't imagine why Amazon would be performing a security scan on my websites. I have blocked Amazon and its Amazonaws scraper/crawler at the root directory of all my sites.

    P

    PorterG, Mar 14, 2011
  10. mergemedia

    #10
    It looks like a worm trying to spread itself.
     
    mergemedia, Mar 16, 2011
  11. mikeasro

    #11
    How did you work that out? LOL

    Browses back through directories (dir traversal) > get passwd file > extract hashes/salts > crack password. (after login > install rootkit)

    mikeasro, Mar 16, 2011