Hi
Could anyone tell me what these Protector logs mean?
2006/11/8 2:20:51 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
2006/11/8 2:20:30 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte 'php://input ' found.
2006/11/8 2:19:59 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte 'php://input ' found.
2006/11/6 18:29:38 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
2006/11/6 18:29:16 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte 'php://input ' found.
2006/11/6 18:29:11 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
2006/11/6 18:28:54 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte 'php://input ' found.
2006/11/6 14:50:08 Guests 195.137.160.67
IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte '//195.209.41.200/folder/info.txt ' found.
The only reference I have found to it is in this news article:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=111
but I do not understand.
Does this look like a manual hacking attempt by a deliberate individual?
Thanks
Ted
It looks like a real attack log.
Using "php://input" means definite malice.
Anyway, the log means Protector prevented the attack.
Of course, I don't know whether other attacks were tried or not.
Thanks GIJOE.
I have looked up some info about the 'technique' of null byte injections which can be read about here:
http://ha.ckers.org/blog/20060914/php-vulnerable-to-null-byte-injection/
Thanks GIJOE for your super module!
Ted
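An added example, not part of the thread or of the Protector module: a Python triage script that parses entries in the two-line layout pasted in the first post, labels each logged value, and groups each source IP's entries into bursts so the timing of the attempts is visible. The function names, the labels and the 600-second gap are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the first post, in the two-line layout shown there.
UA = "IE 6.0Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) NullByte Injecting Null-byte "
SAMPLE = "\n".join([
    "2006/11/8 2:20:51 Guests 195.137.160.67", UA + "'//195.209.41.200/folder/info.txt ' found.",
    "2006/11/8 2:20:30 Guests 195.137.160.67", UA + "'php://input ' found.",
    "2006/11/6 18:29:38 Guests 195.137.160.67", UA + "'//195.209.41.200/folder/info.txt ' found.",
    "2006/11/6 14:50:08 Guests 195.137.160.67", UA + "'//195.209.41.200/folder/info.txt ' found.",
])

HEAD = re.compile(r"^(\d{4}/\d{1,2}/\d{1,2} \d{1,2}:\d{2}:\d{2}) (\S+) (\d{1,3}(?:\.\d{1,3}){3})$")
BODY = re.compile(r"Injecting Null-byte '(.*)' found\.$")

def classify(value):
    """Label the logged value (labels are this example's own, not Protector's)."""
    v = value.strip().lower()
    if v.startswith(("php:", "data:")):
        return "stream-wrapper"
    if v.startswith("//") or re.match(r"^[a-z][a-z0-9+.-]*://", v):
        return "remote-path"
    return "other"

def parse(text):
    """Yield (timestamp, ip, label, value) per two-line entry; skip malformed lines."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    i = 0
    while i < len(lines) - 1:
        head, body = HEAD.match(lines[i]), BODY.search(lines[i + 1])
        if head and body:
            ts = datetime.strptime(head.group(1), "%Y/%m/%d %H:%M:%S")
            yield ts, head.group(3), classify(body.group(1)), body.group(1).strip()
            i += 2
        else:
            i += 1  # resynchronise on the next line

def sessions(text, gap_seconds=600):
    """Group each IP's entries, oldest first, into bursts split by gaps > gap_seconds."""
    by_ip = defaultdict(list)
    for e in sorted(parse(text)):
        bursts = by_ip[e[1]]
        if bursts and (e[0] - bursts[-1][-1][0]).total_seconds() <= gap_seconds:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return dict(by_ip)
```

`sessions(SAMPLE)` returns a dict keyed by source IP whose values are lists of bursts, each burst a time-ordered list of parsed entries.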