I think I got that last of the botters that are trying to ruin this site

Wed, 04 Dec 2013, 9:03am	I think I got that last of the botters that are trying to ruin this site »
Xenia Scout Registered: Jul, 2012 Last visit: Mon, 22 Sep 2014 Posts: 30	scott wrote: php is another type of coding language which this site does not use. This site is written in ruby. If someone is using this site normally, they will never access a page that ends in .php. It's botters because they try to guess the page name (index.php) or try and access admin.php to try and hack into the site administration (which also doesn't exist). It's funny because they try to do stuff like this that I grabbed from the logs: * URL: POST wlodb.com/topics/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 * Format: application/x-www-form-urlencoded * Parameters: {"plugin"=>"imgmanager", "option"=>"com_jce", "task"=>"plugin", "version"=>"1576", "json"=>"{\"fn\":\"folderRename\",\"args\":[\"/config.inc.gif\",\"config.inc.php\"]}", "cid"=>"20", "file"=>"imgmanager"} * Rails Root: /u1/app/wlodb Basically, they try to use a php plugin called image manager (which doesn't exist on this site) to upload an image and then inject some code in the javascript to rename their image file to config.php file so they would gain access. Don't try and copy and paste that link our you will get auto-banned just like the bot. I totally was not curious about it, nope. Nope nope nope. But ah, the site loads a lot faster than before now. It's made quite the difference o.o Was that the only problem in the site?
Offline	Link

Wed, 04 Dec 2013, 9:03am

I think I got that last of the botters that are trying to ruin this site »

Xenia: Scout; Registered: Jul, 2012; Last visit: Mon, 22 Sep 2014; Posts: 30

scott wrote:
php is another type of coding language which this site does not use. This site is written in ruby. If someone is using this site normally, they will never access a page that ends in .php. It's botters because they try to guess the page name (index.php) or try and access admin.php to try and hack into the site administration (which also doesn't exist).

It's funny because they try to do stuff like this that I grabbed from the logs:

* URL: POST wlodb.com/topics/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
* Format: application/x-www-form-urlencoded
* Parameters: {"plugin"=>"imgmanager", "option"=>"com_jce", "task"=>"plugin", "version"=>"1576", "json"=>"{\"fn\":\"folderRename\",\"args\":[\"/config.inc.gif\",\"config.inc.php\"]}", "cid"=>"20", "file"=>"imgmanager"}
* Rails Root: /u1/app/wlodb

Basically, they try to use a php plugin called image manager (which doesn't exist on this site) to upload an image and then inject some code in the javascript to rename their image file to config.php file so they would gain access.

Don't try and copy and paste that link our you will get auto-banned just like the bot.

I totally was not curious about it, nope. Nope nope nope.

But ah, the site loads a lot faster than before now. It's made quite the difference o.o Was that the only problem in the site?

Offline

Link