473,320 Members | 2,035 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Odd things in server logs

HaLo2FrEeEk
404 256MB
I'm not sure this has to do with PHP directly, but the page in question is a PHP one, so if this is in the wrong place could a mod please move it.

I was going through my server logs and I have been frequently seeing more and more pages with this URL, or one like it, in my "Failed Referrers":

Expand|Select|Wrap|Line Numbers
  1. http://www.infectionist.com/forum/index.php+++++++++++++++++++++++++++Result:+%E8%F1%EF%EE%EB%FC%E7%EE%E2%E0%ED+%ED%E8%EA%ED%E5%E9%EC+%22abrawnloxTrow%22
I urldecode()'d the string and it doesn't come out to anything readable. I'm getting worried about it because I just found two files in my template directory that were both exploits:

eval(gzinflate(base64_decode("...")));

With the "..." being a VERY long string that decoded to a PHP page that would be eval()'d and give someone complete access to my server, including searching for config files, htpasswd files, executing shell commands...the works.

Does anyone have any idea what this strange URL means? I know it was in the failed referrer section, but still...
Dec 10 '10 #1
3 1524
JKing
1,206 Expert 1GB
Is it a malformed link coming from another website?
Dec 10 '10 #2
HaLo2FrEeEk
404 256MB
Not that I can tell, it definitely looks like an exploit attempt, but it aso looks like it failed since it's in the failed referrers section.
Dec 10 '10 #3
JKing
1,206 Expert 1GB
Is it consider a failed referrer because it has a query string attached or because it has come from another site?
Dec 10 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

4
by: Rutger Claes | last post by:
While developing a website, there is always a point at which I get "Connection to localhost is lost". If take a look at my server logs I see something like: child pid 17914 exit signal...
6
by: Martin Meyer im Hagen | last post by:
Hello, I've got installed Win 2003 SBS Premium with the SQL Server 2000 on a server machine. It works almost fine, except the application which uses the SQL Server. The main part of the...
2
by: Ali Syed | last post by:
I am having problems trying to get SQL server Agent to run an unattended backup of my databases. I setup (or think I did) a schedule in maintenance but it doesn't work. Is there a website or...
2
by: William | last post by:
Hello, I've just get the following in my server logs and I think it is pretty uncommon. Can anybody tell me if somebody is REALLY putting something on my site or, what does "options", "post" and...
6
by: hzmonte | last post by:
Is there anything in HTML or XML that can log the identity of the machine (e.g. node101.mit.edu) that accesses my web site?
13
by: Simprini | last post by:
I have a new box that was purchased specificaly as our dedicated db2 server. The drive setup is 1 single ide device holding the filesystem 2 8 disk RAID 5 arrays one for data, one for logging The...
9
by: AndersBj | last post by:
Hi all, I have a web application that uses State Server for session handling. The web application randomly loses all session variables. The sessions are not always lost, sometimes I can use the...
4
by: madzambonis | last post by:
Here is the situation.... We have Primary Server A linked to Standby Server B via HADR. Primary Server A has recently installed LOGARCHMETH1 to archive logs and a 2nd homegrown script that...
7
by: atyndall | last post by:
Basically, I have a email script which (on the sending of the email) writes into a file handle called $fcf (on a new line) with the senders ip address ($ipaddress) and the time on which they sent...
18
by: BDE Consulting | last post by:
I am going crazy. This has been a problem now for over a year and I have yet to figure out what is causing it. I have a single server that is running multiple domains. For this example I will...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.