i have noticed in awstats that long URLs appended to the sites pages. its something like i dont know whether it is mysql injection or somebody looking to view the secured files. how to protect against such attacks
ensure your files permission(s) and ownerships are correct. Also consider doing an RFI scan. mod_security running?
is it important? i tried to install but it looks complicated. what is the easy way to install this mod-security.
From what you posted; It is not a RFI attack, nor an SQL injection. It's an LFI (Local File Inclusion). They are trying to tree upwards into the home directory or higher. ie: site.com/badphpcoding.php?=../../../../../etc/passwd%00 Solutions To Prevent: 1) as SSANZ mentioned: mod_security is god when it comes to preventing skiddie attacks 2) edit your php.ini file from root. Make sure magicqoutes and register_globals are turned off. as well fopen, shell_exec are disabled. There are more, but these are the more crucial ones. ( usr/local/lib/php.ini ) 3) If you are using a "popular cms" - stay current with recent releases and patches/security fixes. If you want, post your site here and I can take a quick look at it and PM you my findings. Good luck
Thanks zebulon actually my .htaccess file is a sort of blessing in disguise and every LFI request is rewritten by mod-rewrite.