General Discussion
Weasel, and other webmasters
   


Toasty


'www.youn00b.com'
Forum Moderator

Member Lvl: 72
Egg Points: 1110152
Posts: 10517
AIM YIM

Posted: Mar 22, 2007 4:38 a.m. - Subject: Weasel, and other webmasters

Since I log all user agents and IP addresses, I found something of a little oddity. I figured since many of us RE members have sites, you may want to be informed.

Quote:
Morfeus Fucking Scanner
Accessor IP:69.94.131.24
URLAccessed==(my IP)


Some other site did more research and found this:

Quote:

system($_GET['cmd']);
die ("Morfeus hacked you");
?>

I’m not sure how savvy most people are with how PHP works, but I recognized this immediately. It’s trying to look for global variables and rewrite them to include this M.txt PHP script. It’s definitely a pretty clever attack, I’ll give it that.


It doesn’t look like it’ll do much to me, but I’ve heard of several sites getting hit with this over 1000 times in a matter of seconds.

So, for all of you people that want to protect your site, here’s a little script:

HERE It’s in text format so you can copy it to your server.

It works by:
- Blocking this IP that the attack came from (duplicate the if statements for other IPs)
- Blocking IP access to your site, requiring a domain
- Denying any user agent with ’Fuck’ in the name

You SHOULD put this BEFORE the HTML is presented in any header to block the largest array of pages on your server.
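
The three checks listed in the post above, as an added PHP example that is not the script Toasty linked and not part of the original thread. `request_block_reason` and the constant names are hypothetical, the blocked address and user-agent substring come from the quoted log entry, and the sample requests are constructed.

```php
<?php
// Added example with hypothetical names; not the script linked from the post.
const BLOCKED_IPS = ['69.94.131.24'];   // source address from the quoted log entry
const BLOCKED_UA_PARTS = ['Fuck'];      // user-agent substring named in the post

/** Returns the reason a request is refused, or null when it may proceed. */
function request_block_reason(array $server): ?string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Drop an optional :port and IPv6 brackets before inspecting the Host header.
    $host = trim(preg_replace('/:\d+$/', '', $server['HTTP_HOST'] ?? ''), '[]');

    if (in_array($ip, BLOCKED_IPS, true)) {
        return 'blocked source address';
    }
    // A missing Host or a bare IP literal means the site was reached by address, not by name.
    if ($host === '' || filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return 'request addressed to an IP, not a domain';
    }
    foreach (BLOCKED_UA_PARTS as $part) {
        // User-Agent is client-supplied, so this only stops scanners that announce themselves.
        if (stripos($ua, $part) !== false) {
            return 'blocked user agent';
        }
    }
    return null;
}

if (PHP_SAPI !== 'cli') {
    // Web request: decide before any output is sent.
    if (request_block_reason($_SERVER) !== null) {
        http_response_code(403);
        exit('Forbidden');
    }
} else {
    // Constructed sample requests (documentation-range addresses, placeholder host name).
    $samples = [
        ['REMOTE_ADDR' => '69.94.131.24', 'HTTP_HOST' => 'example.com', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_HOST' => '203.0.113.5', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_HOST' => 'example.com', 'HTTP_USER_AGENT' => 'Morfeus Fucking Scanner'],
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_HOST' => 'example.com:8080', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
    ];
    foreach ($samples as $s) {
        echo $s['REMOTE_ADDR'], ' ', $s['HTTP_HOST'], ' => ', request_block_reason($s) ?? 'allowed', PHP_EOL;
    }
}
```

Run from the command line, it prints the decision for each constructed request; included at the top of a page, it answers 403 before any HTML is sent.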


PomMy-4479


Normal Egg
Member Lvl: 5
Egg Points: 964
Posts: 5
AIM

Posted: Mar 22, 2007 4:39 a.m. - Subject:

:O


apple_master


Normal Egg
Member Lvl: 3
Egg Points: 434
Posts: 176

Posted: Mar 22, 2007 5:32 a.m. - Subject:

You deserve an e-cookie =)


Toasty


'www.youn00b.com'
Forum Moderator

Member Lvl: 72
Egg Points: 1110152
Posts: 10517
AIM YIM

Posted: Mar 22, 2007 5:43 a.m. - Subject:

I have a few from RE :D


xX_PsYcHo_Xx


Master Egg
Member Lvl: 32
Egg Points: 368984
Posts: 4439
AIM

BLOCKED, EXPIRES Dec 14, 2008

Posted: Mar 22, 2007 5:56 a.m. - Subject:

RER is teh secksy gawd-like n00b hunter!



Posted: Mar 22, 2007 12:18 p.m. - Subject:

bump, weasel needs to see this, Have you messaged him?



Posted: Mar 22, 2007 12:25 p.m. - Subject:

What’s in the m.txt file? Malicious code? Anthrax? A sequel to the Inconvenient Truth?


Noskrazy


Power Egg
Member Lvl: 21
Egg Points: 254309
Posts: 2956
AIM YIM

Posted: Mar 22, 2007 2:40 p.m. - Subject:

BUMP@!!!!!


Slash-292


Newb
Member Lvl: 1
Egg Points: -496839
Posts: 18279
AIM

Posted: Mar 22, 2007 2:42 p.m. - Subject:

Damn 12 year olds with a slight knowledge of js



Posted: Mar 22, 2007 9:37 p.m. - Subject:

b00mp


Needled


Normal Egg
Member Lvl: 8
Egg Points: 10414
Posts: 1058

Posted: Mar 22, 2007 9:49 p.m. - Subject:

Quote:
getting hit with this over 1000 times in a matter of seconds.


***Cries in corner***


fuckineh


'I bring the fire'

Member Lvl: 60
Egg Points: 676789
Posts: 5447
AIM

Posted: Mar 22, 2007 9:55 p.m. - Subject:

As a member with little to no knowledge of this kind of stuff... is there anything I, myself, should be worried about?


Toasty


'www.youn00b.com'
Forum Moderator

Member Lvl: 72
Egg Points: 1110152
Posts: 10517
AIM YIM

Posted: Mar 23, 2007 2:54 p.m. - Subject:

^No, this only affects servers and sites operating on PHP Hypertext Preprocessor.

Quote:
bump, weasel needs to see this, Have you messaged him?

No, I haven’t. Feel free to.

Quote:
Damn 12 year olds with a slight knowledge of js

Yea, no shit.

Quote:
What’s in the m.txt file? Malicious code? Anthrax? A sequel to the Inconvenient Truth?


I don’t know what "m.txt" file you speak of, but if it’s the one I link to, how about you click it?
----
Sorry for the delayed response to this topic.


AE


'www.rombarded.com'

Member Lvl: 72
Egg Points: 1371637
Posts: 12967

Posted: Mar 23, 2007 3:07 p.m. - Subject:

I just tested this on RER’s site with my User Agent Switcher extension for firefox, and it works 100%.


Mave


Normal Egg
Member Lvl: 6
Egg Points: 434
Posts: 282
AIM

Posted: Mar 23, 2007 3:13 p.m. - Subject:

That’s a cool ass script.


MaxwellMURDER


Power Egg
Member Lvl: 24
Egg Points: 506481
Posts: 5531

Posted: Mar 23, 2007 3:26 p.m. - Subject:

ahh gotta love 12 yr old script kiddies!
   
© 2008 rotteneggs.com - A Social Network for Pranksters.