hacker access to .php files and Patterns

PeterSwiss

I frequenty receive hacking attempts :
POST /blog/xmlsrv/xmlrpc.php
GET /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1...
GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content...
that try weak versions of xmlrpc.php and of mambo (a CMS). The path part in these requests is very varying, i.e. they try every usual path at every conceivable IP address. I do not use these softwares. Abyss is X1.

I would like to block that I little bit more than just a 404. Is a pattern of /*xmlrpc* matching the first request? Is pattern of /*_REQUEST* matching the 2nd and 3rd request (_REQUEST is in the QUERY_STRING part of the URI). Will that work in Access control? Could I do a redirect of these patterns?

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

You should ignore these hacking attempts if you do not use the software they are trying to hack. It will not harm your system. They happen to everyone at some point.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

PeterSwiss · Posted: Sat Jun 10, 2006 3:21 pm Post subject:

I would like to catch them somehow to be informed and to have high barriers against them. Redirect would have even more advantages.

The question, whether "a path pattern matches after the ?", is useful by itself.

I will have found out soon by myself.

aprelium · - Joined: 22 Mar 2002 Posts: 6800

PeterSwiss,

Antihacking will take care of these bad requests and automatically ban their originating IP if there are too much of them ("too much" is configurable).

You can also add IP access rules for some paths (you can even use patterns) and deny them for all IP addresses.
_________________
Support Team
Aprelium - http://www.aprelium.com

PeterSwiss

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

For Anti-Hacking:

Make sure you have a favicon.ico file in your Document Root (htdocs), otherwise
some of your visitors might get banned because of the absense of a favicon file.

Note: Firefox requests a favicon.ico each time you access the website, but if this
file doesn't exist, it will cause a 404 error, which is a 1/2 Bad Request and could
cause the person to be banned by accident.

PeterSwiss · Posted: Sun Jun 11, 2006 1:02 am Post subject:

What should be the contents of favicon.ico? respectively, will an empty file make FF enough happy??

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

A favicon.ico is simply a web browser icon that is displayed in the bookmarks of
Internet Explorer, and the address bar of Firefox.

Look in the console folder of Abyss Web Server program folder and you will find
the favicon.ico that is used in the console area.

PeterSwiss · Posted: Sun Jun 11, 2006 8:50 am Post subject:

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

I don't know, just use whatever icon you can think of. I'm just letting you know
of what might happen if you don't have that file. I don't even use the anti-hack
ing feature to tell you the truth (Don't need it right now).

PeterSwiss · Posted: Sun Jun 11, 2006 11:45 pm Post subject:

Thank you. A favicon.ico is definitely needed. I let FF figure out how it handles the invalid format.