Hi guys
I am worried about this entry in my 'Protector Center' :
07/06/2005 14:48:12 Guests 24.194.25.74
Java/1.4.1_05 ParentDir Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.
Can anyone tell me what it means?
I've also posted at Xoops.org: see this thread
hi tedsmith:
Quote:
I am worried about this entry in my 'Protector Center' :
07/06/2005 14:48:12 Guests 24.194.25.74
Java/1.4.1_05 ParentDir Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.
First, you should see
http://www.peak.ne.jp/xoops/md/xhnewbb/viewtopic.php?topic_id=842&forum=8&post_id=3085#fo...
my conclusion:
- The attack will never succeed. (There is no valuable information in /etc/passwd)
- The log tells you Protector protects your site from such a malicious attack successfully. (This is not a warning but information)
Thanks GIJOE - your expertise is valuable as always.
I've just updated both my sites to 2.54 - thanks GIJOE (and contributors) for all the work you do on this module.
I've noticed several warnings in my Protect Centre though, especially for my lost-doggies.com website. They read as follows :
26/11/2005 18:45:54 Guests 202.226.224.67
DataCha0s/2.0 CONTAMI Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
24/11/2005 16:52:47 Guests 202.226.224.67
DataCha0s/2.0 CONTAMI Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
19/11/2005 21:33:24 Guests 202.226.224.67
DataCha0s/2.0 CONTAMI Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
29/09/2005 22:03:37 Guests 84.92.xxx.xxx
Firefox/1.0.6Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 ISOCOM Isolated comment-in found. (http://web.archive.org/web/*/www.lost-doggies.com)
29/09/2005 22:02:38 Guests 84.92.xxx.xxx
Firefox/1.0.6Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 ISOCOM Isolated comment-in found. (http://web.archive.org/web/*/www.lost-doggies.com)
Now, the last two I am not too worried about because they're my own IP addresses and therefore known to be OK (although I am still confused as to what the warning means? I did not try to hack my own site?). But the first three do worry me. They were done on three separate days at three separate times?
Does this look like a deliberate attempt at hacking my site (for some reason) and what exactly were they trying to do? I do not understand "Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found." Is it connected to the 'register globals' settings?
Thanks
Ted
It looks like a random 'contamination' attack against some applications other than XOOPS.
Anyway, Protector protected your site from such attacks.
ISOCOM means that Protector found some text patterns like SQL Injection attack.
But this feature makes too much noise.
Ignore it.
Thanks for the peace of mind.
Ted
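Added example (not part of the thread, and not Protector's own code): a request check in Python that flags the three patterns named in the log entries above, and shows why the harmless archive.org link is reported. The labels come from the log; the matching rules, including reading "isolated comment-in" as a `/*` with no closing `*/`, are assumptions, and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# PHP superglobal names; a request parameter carrying one of these names is
# treated as variable contamination (the "CONTAMI" label in the log above).
SUPERGLOBALS = {"GLOBALS", "_GET", "_POST", "_COOKIE", "_REQUEST",
                "_SERVER", "_ENV", "_FILES", "_SESSION"}
TRAVERSAL = re.compile(r"\.\.[/\\]")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %252e%252e%252f is also seen as ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_query(query_string):
    """Return a list of (label, detail) findings for one query string."""
    findings = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        base = name.split("[", 1)[0]          # GLOBALS[x] -> GLOBALS
        if base in SUPERGLOBALS:
            findings.append(("CONTAMI", base))
        value = fully_decode(value)
        if TRAVERSAL.search(value):
            findings.append(("ParentDir", value))
        # Assumed meaning of "isolated comment-in": /* with no closing */
        opened = value.find("/*")
        if opened != -1 and "*/" not in value[opened + 2:]:
            findings.append(("ISOCOM", value))
    return findings


# Constructed sample requests modelled on the three log types in the thread.
SAMPLES = {
    "traversal": "file=" + "../" * 17 + "etc/passwd",
    "double_encoded": "file=%252e%252e%252fetc%252fpasswd",
    "contamination": "_REQUEST[x]=1&GLOBALS[y]=2",
    "archive_link": "ref=http://web.archive.org/web/*/www.lost-doggies.com",
    "benign": "topic_id=842&forum=8",
}

if __name__ == "__main__":
    for label, query in SAMPLES.items():
        print(label, inspect_query(query))
```

The archive.org link is flagged only because its wildcard path contains `/*`, which matches the pattern even though the request is harmless.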