Article 10480 at 07/07/29 12:21:20 From: greg.kuhnert (at mark) theanchoragesylvania.com Subject: [coba-e:10480] Php script vulnerabilities

Index: [Article Count Order] [Thread]

Date:  Sun, 29 Jul 2007 13:21:08 +1000
From:  Greg Kuhnert <greg.kuhnert (at mark) theanchoragesylvania.com>
Subject:  [coba-e:10480] Php script vulnerabilities
To:  BQ List <coba-e (at mark) bluequartz.org>
Message-Id:  <46AC07A4.7000106 (at mark) theanchoragesylvania.com>
X-Mail-Count: 10480

Hi all.

I was doing some digging in my log files to troubleshoot a problem, and 
I came across a bunch of weird URL's, where it appears that someone is 
trying to inject some code from other places. Thankfully, many of the 
pages they were trying to inject via did not exist on my server.

Anyway, the commands below will look at your log files. I would be 
interested if anyone else is getting hits on some of these.... and more 
importantly, what are the recommendations from some of the PHP guru's 
out there.

1. Look at old log files (more data to look at
gzip -dc /var/log/httpd/access_log*gz | grep "=http.* HTTP" | less
or
2. Just look at current apache log file.
grep "=http.* HTTP" /var/log/httpd/access_log

Regards,
Greg.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.