someone scanning for "cmd.php". Should I ban IP address?
neoliminal - February 5, 2007 - 15:42
I was looking at my log for a site I'm developing. It's not even in produciton yet, but someone found it and was looking around. They started by looking for /cmd.php and then various other location with cmd.php in them. Should I ban this IP address? Why are they looking for cmd.php?
injection vulnerability
Look here: http://secunia.com/advisories/23528
2nd of 4 vulnerabilities states: 2) Input passed in the URL to cmd.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This is (I think) specific to PHPbb, which I do not use. Someone else can probably tell you more.
Thanks. I just made it a 404 like it's in ASP
That should throw them for a loop.
Are you sure...
Are you sure it's not a serach engine robot? I find them loking at all kind of things that I don't think they have any business looking at. Yahoo's various bots are the worst.
Take the IP address and go to a WhoIs site and see who owns that IP. Report the attempts to their administrative contact.
Nancy W.
proudly running 3½ sites on Drupal so far