HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Hack attempt?

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#78974 (In Topic #16121)
Avatar

Community saint

I am getting quite a few of these.  Don't know if it is anything to be concerned about.  But must be the normal china/russia hackers looking for a way in...  I dunno.

A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (the software intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistent offender). More information on security is given in the software documentation.

Reason: A suspicious GET parameter was given (page as ../../../../../../../../../../../../../../../proc/self/environ )
IP address: 50.23.112.226
Member ID: 1
Username: Guest
User Agent (typically, the web browser): libwww-perl/6.03
Referrer:
Operating System:
Date and time: 3:14 AM
URL: /forum/index.php?page=../../../../../../../../../../../../..
/../../proc/self/environ%00



Paul
Back to the top
 
Posted
Rating:
#78991
Avatar

Community saint

They try to get into your server with this command 'GET" . A good provider will have security this command. Mostely the hacker use the "LAME HACK" for this. Look down under the warning. If needed ask your provider if the could secure the "GET" command.


http://digiflash.nl Photo community  (dutch)
Back to the top
 
Posted
Rating:
#79023
Avatar

Community saint

Harry-

I had a similar GET on my site. Are you saying that the host should do more than to return a 404 or is getting the 404 a sign that security is in place.

Thanks for your help.

Bob
Back to the top
 
Posted
Rating:
#79033
Avatar

Community saint

@Bob,

If you are on a dedicated server the provider can secure the GET command, to a share server its on the provider if they want to give this servide to her cliŽnts. So ask your hosting provider if they can secure this.


http://digiflash.nl Photo community  (dutch)
Back to the top
 
Posted
Rating:
#79046
Avatar

Community saint

I am getting a lot of these.   But if OCPortal is catching them, is it really an issue?


Paul
Back to the top
 
Posted
Rating:
#79047
Avatar

Community saint

I've just been banning the IPs as I catch them. Honestly, I'm much more concerned by the content scrapers I am dealing with. I had two of them hit the site yesterday at the same time and spike resource CPU. And this after I have banned the former Soviet Bloc countries and Asia except for Japan. I still have some IPs slipping through my blocklist but their going to have to start hitting from Africa or SA which I have not yet blocked. SA would be a particularly tricky one since I want traffic from many of those countries.

Bob
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: