upload.php


wilderness

1:51 pm on May 26, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Anybody have a clue if this single request (same IP and entire month) is somebody looking for a PHP vulnerability?

They were given a 301, however where they were redirected to is unknown (no other log entries), perhaps to 403.

74.63.124.zzz - - [25/May/2011:19:56:34 -0600] "GET /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php HTTP/1.0" 301 695 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"

coopster

3:52 pm on May 26, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



TinyMCE is a popular Rich Text Editor. If you are not running it anywhere on your domain then yes, they are looking for security holes. Examples [exploit-db.com]

wilderness

7:36 pm on May 26, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Many thanks coopster.

Located some references after posting, however I'm quite reluctant to add them here.

coopster

8:00 pm on May 26, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



You're welcome.
And I should add that tinymce in and of itself is safe and sound. However, start lumping in the 3rd party plugins and you become a bit vulnerable. Especially those involving PHP server-side code as they are the main targets of abuse.

however I'm quite reluctant to add them here.


hehe, I'm not afraid to walk in those neighborhoods ;)

dstiles

9:22 pm on May 26, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



US FDC servers - blocked here as 74.63.64/18

wilderness

9:37 pm on May 26, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



dstiles,
Here's another FDC that attempted SMF a few days ago:
76.73.0.0/17

Don't recall how deep I went with FDC in the past.

blend27

11:32 am on May 27, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's a fairly new range for FDC...

I also have these:
start_ip-end_ip
50.7.0.0-50.7.255.255
74.63.64.0-74.63.127.255
204.45.0.0-204.45.255.255
76.73.0.0-76.73.127.255
67.159.0.0-67.159.63.255
208.53.128.0-208.53.191.255
66.90.64.0-66.90.127.255
at Hello :)... there might be more, but not caught, yet.

dstiles

9:56 pm on May 27, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I agree with that list - so far. :)
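
Added example, not part of any post in this thread: a Python log check that flags requests for software the site does not run (the test coopster describes) and notes whether the source falls inside the ranges posted above, converting the start-end form to the CIDR form dstiles and wilderness use. The `NOT_INSTALLED` prefix list, the `UPLOAD` and `SAMPLE_LOG` names, and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges quoted in the thread, in its start_ip-end_ip form.
THREAD_RANGES = """
50.7.0.0-50.7.255.255
74.63.64.0-74.63.127.255
204.45.0.0-204.45.255.255
76.73.0.0-76.73.127.255
67.159.0.0-67.159.63.255
208.53.128.0-208.53.191.255
66.90.64.0-66.90.127.255
"""
# Assumption: path prefixes of software this site does not run.
NOT_INSTALLED = ("/plugins/editors/tinymce/",)
# Apache combined log format: ip ident user [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Constructed sample lines: the last octet and the other two hosts are made up.
UPLOAD = "/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php"
SAMPLE_LOG = [
    f'74.63.124.10 - - [25/May/2011:19:56:34 -0600] "GET {UPLOAD} HTTP/1.0" 301 695 "-" "-"',
    '203.0.113.5 - - [25/May/2011:20:01:02 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    f'198.51.100.7 - - [25/May/2011:20:03:10 -0600] "POST {UPLOAD} HTTP/1.1" 404 210 "-" "-"',
]

def ranges_to_cidrs(text):
    """Collapse start-end ranges into the fewest CIDR networks covering them."""
    nets = []
    for line in text.split():
        start, end = (ipaddress.ip_address(part) for part in line.split("-"))
        nets.extend(ipaddress.summarize_address_range(start, end))
    return nets

def find_probes(log_lines, nets):
    """Return (ip, path, status, in_listed_range) for requests to absent software."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip_text, path, status = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:  # masked address such as 74.63.124.zzz
            continue
        if path.lower().startswith(NOT_INSTALLED):
            hits.append((ip_text, path, int(status), any(ip in n for n in nets)))
    return hits
```

The status code in each hit shows how the server answered: a 301 or 404 means nothing was served, while a 200 on a path you believed absent is the case to investigate.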