Re: PHP script attack?

---

• From: jwgoerlich@xxxxxxxxx
• Date: Mon, 24 Sep 2007 11:09:55 -0700

---

That comes from an automated scanner. Someone is trying to identify
your web server (e.g., OS, Http server, PHP version, et cetera) and
find vulnerabilities. Best to check that your web server is up-to-date
and your PHP is patched.

Regards,

J Wolfgang Goerlich


Related Links:

[Dshield] What is thisdoesnotexistahaha.php?
http://lists.sans.org/pipermail/list/2006-July/024862.html

Cacti remote injection exploit
http://www.freebsddiary.org/cacti-exploit.php

On Sep 24, 8:46 am, "Brion" <b...@xxxxxxxx> wrote:

Hi everyone,
Recently we've started getting error messages similar to the following:

Source: W3SVC-WP
Event ID: 2216

Description:
The script started from the URL '/thisdoesnotexistahaha.php' with parameters
'' has not responded within the configured timeout period. The HTTP server
is terminating the script.

The particular .php script involved has a different name each time. If I'm
reading this right, someone is trying to execute a php script somehow. The
server does host some websites that use php, and it has PostgreSQL installed
too. How are they attempting to execute a script? Via HTTP post? What are
they trying to do? Even if they find one of the php files on the server,
what good would it do them to execute it? Any advice is appreciated.

Thanks!

.

---

• Follow-Ups:
  • Re: PHP script attack?
    • From: Brion

• References:
  • PHP script attack?
    • From: Brion

• Prev by Date: Re: FTP for internal users and external customers.
• Next by Date: Re: Security Center is unabled
• Previous by thread: PHP script attack?
• Next by thread: Re: PHP script attack?
• Index(es):
  • Date
  • Thread

---

Relevant Pages mysqli error? ... I'm just setting up my php enviroment and I typed in a simple script ... # configuration directives that give the server its instructions. ... (comp.lang.php) Re: How do we get there from here? ... >> executing on the server as a pre-processor. ... If there are client side versions of PHP, ... > name implies a static text file, is it different from a PHP script? ... (comp.databases.pick) Re: Apache: limiting the execution place ... They want it so users can't use FTP, shell, or a CGI or PHP script to view, ... other users via shell, FTP, web server processes (such as PHP or CGI ... (Security-Basics) Re: PHP chmod Newbie Question ... How does the server keep ... how do I create user groups for chmod to recognize? ... CHMOD is for UNIX based servers, and the PHP chmod() ... edited or removed by the PHP script, and only read by the UNIX ... (comp.lang.php) Re: PHP in html ... additional calls to the server, ... to invoke a script handler for every single image. ... configuration of the webserver and the PHP interpreter. ... If you think interpreting all pages as PHP ... (comp.lang.php)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2007-09