Announcement

Collapse
No announcement yet.

Is someone trying to hack me?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is someone trying to hack me?

    This came across on my "Who's Online" page a few minutes ago...

    "curl/7.9.5 (i586-pc-linux-gnu) libcurl 7.9.5 (ipv6 enabled)"

    He was trying to do this:
    /newreply.php?do=http://217.59.104.224/&p=http://217.59.104.224

    What in the world? Is he trying to look for holes? Might he have found something?

    Help...?
    Pipe and Cigar Discussion Forum and Reviews
    My Pipe and Cigar Store in Bellingham, Washington

  • #2
    Some "l33t" script kiddy trying to exploit somthing that doesnt exsist, its nothing id be overly worried about.

    Comment


    • #3
      eh, thanks...it worried me for a sec..

      Pipe and Cigar Discussion Forum and Reviews
      My Pipe and Cigar Store in Bellingham, Washington

      Comment


      • #4
        *mocks script kiddy*

        |'/\/\ 60/\//\//-\ 63+ `/0|_|!!!1!!1!!221one

        *end mocking*

        Sorry, had to get that out of my system. ^_^;
        Ryan Ashbrook - My Blog - My Twitter

        Comment


        • #5
          Originally posted by Ryan Ashbrook
          *mocks script kiddy*

          |'/\/\ 60/\//\//-\ 63+ `/0|_|!!!1!!1!!221one

          *end mocking*

          Sorry, had to get that out of my system. ^_^;
          wow that was hard to read

          MGM out

          Comment


          • #6
            he's basically taking any referenced variable on the page and putting in his URL. He's been doing it to other people as well.
            Scott MacVicar

            My Blog | Twitter

            Comment


            • #7
              Originally posted by Scott MacVicar
              he's basically taking any referenced variable on the page and putting in his URL. He's been doing it to other people as well.
              Scott any idea what he is trying to do?

              Comment


              • #8
                Brute force check for XSS I would guess.
                Christopher Padfield
                Web Based Helpdesk
                DeskPRO v3.0.3 Released - Download Demo Now!

                Comment


                • #9
                  Whats that in english please?
                  TopDog

                  Comment


                  • #10
                    lol..yeah what was that?

                    Got a Boxer?
                    BoxerTalk

                    Comment


                    • #11
                      http://whatis.techtarget.com/definit...550928,00.html

                      its one of those
                      Scott MacVicar

                      My Blog | Twitter

                      Comment


                      • #12
                        Thanks for the link Scott. I understand what they are but what is:
                        Brute force check for XSS I would guess
                        if you don't mind?
                        TopDog

                        Comment


                        • #13
                          He's basically taking every variable thats in a link and replacing it with a URL. He'll then search his logs to see if any script actually fetched his URL. If so then he's found a security hole. He's looking for arbitary code execution.

                          XSS is something different, it involves being able to output html to a website and this isn't something he's doing. It would involce something similar like passing in <myhtml> and seeing if it was passed out in the page.

                          Though I suspect this is a program just scanning all programs and not something specifically aimed at vbulletin.
                          Scott MacVicar

                          My Blog | Twitter

                          Comment


                          • #14
                            er..
                            Thanks for taking the time to clear it up.
                            TopDog

                            Comment


                            • #15
                              Scott, he is using curl which is a way to remotley execute a POST/GET command on a website and get back the results. My guess is that he then just checks all the pages he gets back for the IP address he listed (he could have used anything there) and if he finds that on the page, hey presto there is an XSS security issue.

                              Doing arbritary code execution would be a lot harder to check for, because it would often matter what the variable is that is being sent, e.g. to check for SQL injection it would make a big difference what the variable is; just sending the IP address would probably not reveal a case of SQL injection.

                              Nothing to worry about though
                              Christopher Padfield
                              Web Based Helpdesk
                              DeskPRO v3.0.3 Released - Download Demo Now!

                              Comment

                              Loading...
                              Working...
                              X