cancel
Showing results for 
Search instead for 
Did you mean: 

Website log shows hack attempts

oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Website log shows hack attempts

Someone on "free.fr" attempted eight script exploits on my site. As my site is non-cgi I'm not worried but some of the the attacks actually gave the program name "DataCha0s/2.0".

DataCha0s attacks "awstats". There were also three probes for "tikiwiki" and one for xmlrpc.php which is used on some PHP CMSs.
4 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Website log shows hack attempts

Hi,

To be honest, I'm not all that surprised that you're seeing this. In the Internet world we live in there are an awful lot of "hackers" and "script kiddies" out there looking to try and hack into sites or deface them or even get into the servers themselves.

The best advice we can give to people is ensure that where they are using third part CGI sites, like a wiki or a forum that they stay up to date with the security updates that the authors provide.

We have designed the CGI platform to be as secure as we can, the design of which means that even if someone exploits a particular customer's CGI site that's all they'll be able to do. With Homepages as there's no CGI functionality the only real way of compromsing a site would be by knowing both the username and password to get to the FTP space.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Website log shows hack attempts

One other price of advice is not to use the default directory names offered during install of packages like phpBB. i.e. don't use things like forum or forums as the hackers know what the default directory names are. If you use a non-standard name then they are less likely to 1) find what they are looking for and 2) be able to exploit it.

I get hundreds of these 'attampts' dialy but as I use all non-standard directories they never find what they are looking for.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Website log shows hack attempts

A good piece of advice from Peter.

Mine is do not have any scripts installed that you are a not using, or are not required.
It is often these “obsolete” scripts that provide the hacker with a gateway, as you are less likely to update them. Or keep an eye on them.

Also watch up for features that you do not use.

Chilly
oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Website log shows hack attempts

Makes me wonder though...

Look at one of the probes:

perso0.free.fr - - [27/Jan/2007:15:25:10 +0000] "GET /cgi-bin/awstats.pl?configdir=|echo;id%00 HTTP/1.0" 404 93 "-" "DataCha0s/2.0" www.coaxialpower.com

That's the "pipe character in a parameter" exploit, that's so old. I mean surely a script that's going to have security implications (e.g. practically anything CGI) shouldn't ever use the shell when calling another program.