1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

There should be a law....

Discussion in 'Bits & Bytes' started by Biker, Feb 18, 2015.

  1. Biker

    Biker Administrator Staff Member

    Oh wait. There is.

    It's pretty bad when a freakin' software company has a compromised server that's being used for nefarious purposes.

    From the logs this morning:

    Time: Wed Feb 18 08:47:25 2015 -0500
    IP: 49.50.76.8 (IN/India/server.sgmsoftware.com)
    Failures: 5 (mod_security)
    Interval: 300 seconds
    Blocked: Permanent Block

    Log entries:
    Code:
    [Wed Feb 18 08:47:13.532880 2015] [:error] [pid 29326] [client 49.50.76.8] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/local/apache/conf/crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://picasa.com.flatabovefoodsbury.com/bad.php found within TX:1: picasa.com.flatabovefoodsbury.com/bad.php"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.globalaffairs.org"] [uri "/threads/wordpress-tim-thumb-exploit.68498/wp-content/themes/Yen/timthumb.php"] [unique_id "VOSX4c8HVGUAAHKOOQ4AAAAL"]
    Fucking script kiddies.
     

Share This Page