Welcome to WebmasterWorld Guest from 54.161.157.73

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

PHP Vulnerability

     
11:23 am on Aug 9, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


These been going on for some while, however don't recall having this many in such a short time (15 minutes & 7 minutes). More than 2,200 requests from each.

All ate 403's

One from a Hungarian Colo and the other from Peer 1.
Both used blank UA's.
Both appear to be using the same software, as requests were duplicated on the two IP's.

69.90.47.167 - - [09/Aug/2014:03:41:58 -0600] "GET /0_admin/modules/Wochenkarte/frontend/index.php?x_admindir=http://www.google.com/humans.txt? HTTP/1.0" 403 794 "-" "-"

87.229.73.60 - - [08/Aug/2014:22:47:10 -0600] "GET /0_admin/modules/Wochenkarte/frontend/index.php?x_admindir=http://www.google.com/humans.txt? HTTP/1.0" 403 794 "-" "-"
9:25 am on Nov 28, 2014 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:23502
votes: 411


I'm seeing the http://www.google.com/humans.txt coming in from 89.35.160.61
10:09 am on Nov 28, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13255
votes: 359


Both used blank UA's.

Thank you, kind robots, for making it easy for us ;)