PEAK XOOPS - Interpret this Protector warning in the Protect Center?

Interpret this Protector warning in the Protect Center?

Posted on 2005/7/7 17:15
tedsmith   Posts: 64
Hi guys

I am worried about this entry in my 'Protector Center' :

07/06/2005 14:48:12  	Guests  	24.194.25.74
Java/1.4.1_05 	ParentDir 	Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.

Can anyone tell me what it means?

I've also posted at Xoops.org : see this thread
Votes:6 Average:8.33
Posted on 2005/7/9 16:45
GIJOE   Posts: 4110
hi tedsmith:

Quote:
I am worried about this entry in my 'Protector Center' :

07/06/2005 14:48:12  	Guests  	24.194.25.74
Java/1.4.1_05 	ParentDir 	Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.
First, you should see
http://www.peak.ne.jp/xoops/md/xhnewbb/viewtopic.php?topic_id=842&forum=8&post_id=3085#fo...

my conclusion:

- The attack will never succeed. (There is no valuable information in /etc/passwd)
- The log tells you Protector protects your site from such a malicious attack successfully. (This is not a warning but information)

Votes:6 Average:8.33
Posted on 2005/8/2 6:49
tedsmith   Posts: 64
Thanks GIJOE - your expertise is valuable as always.
Votes:1 Average:0.00
Posted on 2005/12/12 4:08
tedsmith   Posts: 64
I've just updated both my sites to 2.54 - thanks GIJOE (and contributors) for all the work you do on this module.

I've noticed several warnings in my Protect Centre though, especially for my lost-doggies.com website. They read as follows :

26/11/2005 18:45:54  	Guests  	202.226.224.67
DataCha0s/2.0 	CONTAMI 	Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
24/11/2005 16:52:47  	Guests  	202.226.224.67
DataCha0s/2.0 	CONTAMI 	Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
19/11/2005 21:33:24  	Guests  	202.226.224.67
DataCha0s/2.0 	CONTAMI 	Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found.
29/09/2005 22:03:37  	Guests  	84.92.xxx.xxx
Firefox/1.0.6Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 	ISOCOM 	Isolated comment-in found. (http://web.archive.org/web/*/www.lost-doggies.com)
29/09/2005 22:02:38  	Guests  	84.92.xxx.xxx
Firefox/1.0.6Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 	ISOCOM 	Isolated comment-in found. (http://web.archive.org/web/*/www.lost-doggies.com)

Now, the last two I am not too worried about because they're my own IP addresses and therefore known to be OK (although I am still confused as to what the warning means? I did not try to hack my own site?). But the first three do worry me. They were done on three separate days at three separate times?

Does this look like a deliberate attempt at hacking my site (for some reason) and what exactly were they trying to do? I do not understand "Attempt to inject '_REQUEST' was found. Attempt to inject 'GLOBALS' was found." Is it connected to the 'register globals' settings?

Thanks

Ted
Votes:9 Average:3.33
Posted on 2005/12/12 17:59
GIJOE   Posts: 4110
It looks like a random 'contamination' attack against some applications other than XOOPS.
Anyway, Protector protected your site from such attacks.

ISOCOM means that Protector found some text patterns like an SQL injection attack.
But this feature makes too much noise.
Ignore it.
Votes:1 Average:0.00
Posted on 2005/12/13 3:43
tedsmith   Posts: 64
Thanks for the peace of mind.



Ted
Votes:1 Average:10.00
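
An added illustration, not Protector's own code and not written by anyone in this thread: a simplified Python sketch of the kind of request check that yields the ParentDir and CONTAMI entries quoted above. It goes slightly beyond the logged cases by also handling bracketed keys and percent-encoded traversal. The parameter names and sample query strings are constructed, and the superglobal list is PHP's standard set, not a list taken from Protector.

```python
from urllib.parse import parse_qsl

# PHP superglobal names. A request parameter carrying one of these names is an
# attempt to overwrite that variable in code that imports request data as globals.
SUPERGLOBALS = {"GLOBALS", "_GET", "_POST", "_COOKIE", "_REQUEST",
                "_SERVER", "_ENV", "_FILES", "_SESSION"}


def base_name(key):
    """PHP parses 'GLOBALS[a][b]' into the array GLOBALS, so compare the part before '['."""
    return key.split("[", 1)[0]


def has_parent_dir(value):
    """True when any path segment is exactly '..' (both '/' and '\\' separators)."""
    return ".." in value.replace("\\", "/").split("/")


def inspect_query(query):
    """Return a list of (type, message) findings for one raw query string."""
    findings = []
    # parse_qsl percent-decodes, so '%2e%2e%2f' is inspected as '../'
    for key, value in parse_qsl(query, keep_blank_values=True):
        name = base_name(key)
        if name in SUPERGLOBALS:
            findings.append(("CONTAMI", f"Attempt to inject '{name}' was found."))
        if has_parent_dir(value):
            findings.append(("ParentDir", f"Doubtful file specification '{value}' found."))
    return findings


# Constructed sample requests modelled on the log entries quoted in the thread;
# 'file', 'option' and 'x' are hypothetical parameter names.
SAMPLES = [
    "file=../../../../etc/passwd",
    "_REQUEST[option]=1&GLOBALS[x]=1",
    "file=%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "topic_id=842&forum=8",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, "->", inspect_query(q) or "clean")
```

A finding here means only that the request matched a pattern, which is why the same source can appear on several days without any request having succeeded.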
