Yesterday night was a night with a lot of activity on this site. No fewer than four obvious hacking attempts were made, all automated attacks from script wankers. The attack is quite simple: by entering PHP code in a form field, the attacker tries to run shell scripts on the server. If the PHP code is allowed to execute, i.e. the tags are not stripped or converted to plain text, and the server is configured to allow PHP to run shell scripts, the attacker will upload various other PHP scripts and files that can be executed at a later time. I’ve seen this a few times before, when my l337 haxx0r friend AReK_5bY tried to take advantage of a security flaw in the blog software I used at that time. Thanks to my unpatched version of Greymatter, and a badly configured server, he was actually able to break in and run his PHP Shell script.
This time, the attacker was someone who might be calling himself or themselves Brutalside. The attacker tried three times on the previous entry and on entry #408. But this time, it was not successful, thanks to myself and my host Segment Publishing.
I could of course go further with this, but at this point I feel that I really don’t care. The attack is amateurish and could be set up by any newbie. Even I could do this. Script kiddies; please go away. Go out, get a life, enjoy the sun. Wrote the guy who works twelve hours a day and posts pictures of half nude Colombian chicks from Cali es Cali on his site every day. Oh, well…
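The two conditions from the first paragraph (tags left intact, and PHP allowed to run shell commands) can each be checked on the defending side. The following is an added example, not code from this site or from Greymatter; the function names and the sample submission are made up for illustration.

```php
<?php
// Added example (hypothetical helper names); the sample input is constructed.

// Functions that let PHP start shell commands: the second condition in the post.
const SHELL_FUNCTIONS = ['exec', 'system', 'shell_exec', 'passthru', 'popen', 'proc_open'];

/**
 * Convert submitted form text to plain text before it is written to a page.
 * htmlspecialchars() turns "<" and ">" into entities, so a PHP tag in the
 * input can no longer be parsed as one, even if the generated file is later
 * served through the PHP interpreter.
 */
function comment_to_plain_text(string $input): string
{
    // Drop NUL bytes and normalise line endings before encoding.
    $input = str_replace(["\0", "\r\n", "\r"], ['', "\n", "\n"], $input);
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** True if the raw submission contains a PHP opening tag (worth logging). */
function contains_php_tag(string $input): bool
{
    return preg_match('/<\?(php|=|\s)/i', $input) === 1;
}

/** Return the shell-capable functions this PHP configuration still allows. */
function callable_shell_functions(): array
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return array_values(array_filter(
        SHELL_FUNCTIONS,
        fn (string $f): bool => function_exists($f) && !in_array($f, $disabled, true)
    ));
}

// Constructed sample submission, as a comment form might receive it.
$submitted = "Nice post! <?php echo 'marker'; ?>";

if (contains_php_tag($submitted)) {
    error_log('comment form: PHP tag in submission, stored as plain text');
}
echo comment_to_plain_text($submitted), PHP_EOL;

$open = callable_shell_functions();
echo $open === []
    ? "shell functions disabled\n"
    : 'still callable: ' . implode(', ', $open) . "\n";
```

Run it with the same php.ini the web server uses; any function listed as still callable can be added to `disable_functions` there.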
vegard at vegard dot net with your input. You can also use any of the other points of contact listed on the About page.
2004-07-07 08:38 CET