WolfBlog

Reflections from a Swede in Norway.

Here you will find my small graffiti board where I write about things I come to think about.

In my blog, I write about the general unfairness of life, about spam mail, vintage computers, board games, Norwegians, current and not-so-current affairs, technology and whatever else occurs to me — in other words, a glorious mess. All opinions expressed here are of course my own, and all similarities with any living people are of course intentional.

All text and pictures © copyright Peter Krefting, unless otherwise noted. More about the author.

New attack vectors

Published: Monday 2004-05-31.

The Internet crooks resort to new tricks all the time. When it is no longer possible to spam my guest book, and all attempts at “fishing” for vulnerable formmail scripts are logged, they seem to have resorted to attacking other targets (in addition to the other ones; they never stop). I regularly look through the log for my web server, and found this rather peculiar list of requests:

 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [27/May/2004:13:18:17 +0200]
  "POST /modules/coppermine/themes/default/theme.php HTTP/1.0" 403 241 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [27/May/2004:13:18:18 +0200]
  "POST /modules/4nAlbum/public/displayCategory.php HTTP/1.0" 403 240 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [27/May/2004:13:18:19 +0200]
  "POST /modules/coppermine/include/init.inc.php HTTP/1.0" 403 237 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [27/May/2004:13:18:20 +0200]
  "POST /index.php HTTP/1.0" 403 207 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [27/May/2004:13:18:21 +0200]
  "POST /modules/My_eGallery/public/displayCategory.php HTTP/1.0" 403 244 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:25 +0200]
  "POST /modules/coppermine/themes/default/theme.php HTTP/1.0" 403 241 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:27 +0200]
  "POST /modules/4nAlbum/public/displayCategory.php HTTP/1.0" 403 240 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:27 +0200]
  "POST /modules/coppermine/include/init.inc.php HTTP/1.0" 403 237 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:28 +0200]
  "POST /index.php HTTP/1.0" 403 207 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:30 +0200]
  "POST /modules/My_eGallery/public/displayCategory.php HTTP/1.0" 403 244 "-" "Mozilla 4.0 (Linux)"
 cm-tvc-mii-c8b1a2b9.brdterra.com.br - - [30/May/2004:12:57:31 +0200]
  "POST /shoutbox/expanded.php HTTP/1.0" 403 219 "-" "Mozilla 4.0 (Linux)"

First of all, Mozilla 4.0 (Linux) isn’t a real web browser identifier, so it is obviously someone trying to attack my web server with some kind of automated tool. Furthermore, none of the addresses they are trying to attack exist, since I am using neither PHP nor the specific implementations they are attacking. The attacks are targeted at a vulnerable version of the photo gallery software Coppermine, as well as other vulnerabilities in 4nAlbum, some in My eGallery and some in Shoutbox. One of the security holes was discovered as recently as early May, which shows that you have to be alert if you want to avoid break-ins.
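
The reasoning above, as an added example that is not part of the original post: a Python script that groups refused requests by client host and flags bursts that hit several distinct paths within a short window. The 60-second window, the three-path threshold and the `reader.example.net` entry are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
H = "cm-tvc-mii-c8b1a2b9.brdterra.com.br - - "
UA = ' "-" "Mozilla 4.0 (Linux)"'
SAMPLE_LOG = [  # six entries from the log above, unwrapped, plus one constructed 404
    H + '[27/May/2004:13:18:17 +0200] "POST /modules/coppermine/themes/default/theme.php HTTP/1.0" 403 241' + UA,
    H + '[27/May/2004:13:18:18 +0200] "POST /modules/4nAlbum/public/displayCategory.php HTTP/1.0" 403 240' + UA,
    H + '[27/May/2004:13:18:19 +0200] "POST /modules/coppermine/include/init.inc.php HTTP/1.0" 403 237' + UA,
    H + '[30/May/2004:12:57:28 +0200] "POST /index.php HTTP/1.0" 403 207' + UA,
    H + '[30/May/2004:12:57:30 +0200] "POST /modules/My_eGallery/public/displayCategory.php HTTP/1.0" 403 244' + UA,
    H + '[30/May/2004:12:57:31 +0200] "POST /shoutbox/expanded.php HTTP/1.0" 403 219' + UA,
    'reader.example.net - - [27/May/2004:13:18:30 +0200] "GET /missing.html HTTP/1.0" 404 210 "-" "ExampleBrowser/1.0"',
]

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a combined-format line; skip it
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_probe_bursts(lines, window=timedelta(seconds=60), min_paths=3):
    """Return one dict per burst of refused requests to >= min_paths distinct paths."""
    by_host = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["status"] in (403, 404):  # refused or missing: nothing served from that path
            by_host[rec["host"]].append(rec)
    bursts = []
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["time"])
        i = 0
        while i < len(recs):
            j = i  # extend the burst while requests stay inside the window
            while j + 1 < len(recs) and recs[j + 1]["time"] - recs[i]["time"] <= window:
                j += 1
            chunk = recs[i:j + 1]
            paths = sorted({r["path"] for r in chunk})
            if len(paths) >= min_paths:  # one stray 404 is a typo; many paths is a scan
                bursts.append({"host": host, "first_seen": chunk[0]["time"], "paths": paths,
                               "agents": sorted({r["agent"] for r in chunk})})
            i = j + 1
    return bursts
```

Each reported burst carries the user-agent strings seen, so an identifier such as `Mozilla 4.0 (Linux)` shows up next to the paths it probed.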

One thing I haven’t quite understood is why almost all the attacks of this kind that I receive are from Brazil of all places? Is the concentration of hooligans extra high there, or are their machines more easily cracked, meaning that their machines are used as springboards by others?

Categories: Internet.

Comments

  • Date: 2004-06-01 08.17.49 CEST
  • Name: Anders Carlsson
  • Sent from: yestravel.com

I would think that Brazil is the kind of country where many people acquire the knowledge, but there is nothing sensible to use it for, so for lack of anything else the computer nerds pop up as attackers. South Korea is probably also a typical such country, even though they perhaps have more real job opportunities in the industry.

peter@softwolves.pp.se