[TYPO3-english] "com_simpledownload"??

Axel Joensson a.joensson at web.de
Tue Feb 25 17:53:56 CET 2014


Ralf-Rene Schröder <ralf.rene at online.de> wrote:

> Am 25.02.2014 17:24, schrieb Axel Joensson:
> > Wonderful, if people can manipulate the source code of a website without
> > even entering the backend. 
> they try it every day ... and it's our job to fight against it  ;)

Very funny hint, really. 

Especially if considering that the IP regularly leaving behind this mess
belongs to Yandex (141.8.147.20) and that it additionally regularly
modifies its attacks (I can't call such requests something else but an
attempted attack):

141.8.147.20 - - [24/Feb/2014:00:02:03 +0100] "GET
/zh/index.html?option=com_simpledownload&controller=../../../../../../..
/../../../../../../../../proc/self/environ\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\0 HTTP/1.1" 200 2224 "-" "Mozilla/5.0 (compatible;
YandexBot/3.0; +http://yandex.com/bots)"

141.8.147.20 - - [24/Feb/2014:01:34:05 +0100] "GET
/zh/index.html?controller=../../../../../../../../../../../../../../../p
roc/self/environ\\\\\\\\\\\\\\\\0&option=com_simpledownload HTTP/1.1"
200 2235 "-" "Mozilla/5.0 (compatible; YandexBot/3.0;
+http://yandex.com/bots)"

It is difficult for me to imagine why a Russian search engine tries an
old Joomla exploit to crack TYPO3 websites? Let's wait and see how long
they will need to come around with another IP after I added this in the
htaccess:

# Apache 2.2 access control; the Deny directive needs the "from" keyword
order allow,deny
deny from 141.8.147.20
allow from all

Am I right that I don't have to restart Apache after changing htaccess?
At least I didn't have to in the past ...
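
Added example, not part of the original post: the two logged requests carry the same `controller` traversal with the parameters in a different order, so this sketch matches on decoded query values instead of the raw request string and counts probes per client. The function names, the check labels and the sample lines (documentation IPs, shortened padding, a made-up user agent) are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')

CHECKS = (
    ("traversal", re.compile(r"(?:\.\.[/\\]){2,}")),           # repeated ../ or ..\
    ("proc-environ", re.compile(r"proc/self/environ", re.I)),  # target file seen in the post
    ("padding", re.compile(r"\\{4,}|\x00")),                   # backslash run or NUL byte
)

def classify(line):
    """Return a finding dict for a traversal probe, or None for any other line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    params = {}
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded %252e%252e
        tags = [tag for tag, rx in CHECKS if rx.search(value)]
        if "traversal" in tags:
            params[name] = tags
    if not params:
        return None
    return {"ip": m["ip"], "time": m["time"], "status": int(m["status"]), "params": params}

def probes_per_ip(lines):
    """Count traversal probes per client IP, whatever order the parameters came in."""
    return Counter(f["ip"] for f in map(classify, lines) if f)

# Constructed sample lines (documentation IPs, shortened padding), modelled on the post.
SAMPLE = [
    r'203.0.113.20 - - [24/Feb/2014:00:02:03 +0100] "GET /zh/index.html?option=com_simpledownload&controller=../../../../proc/self/environ\\\\\\\\0 HTTP/1.1" 200 2224 "-" "ExampleBot/1.0"',
    r'203.0.113.20 - - [24/Feb/2014:01:34:05 +0100] "GET /zh/index.html?controller=..%2F..%2F..%2Fproc%2Fself%2Fenviron%00&option=com_simpledownload HTTP/1.1" 200 2235 "-" "ExampleBot/1.0"',
    r'198.51.100.7 - - [24/Feb/2014:02:00:00 +0100] "GET /zh/index.html?id=42 HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"',
]

if __name__ == "__main__":
    for finding in filter(None, map(classify, SAMPLE)):
        print(finding)
    print(dict(probes_per_ip(SAMPLE)))
```

The status code is kept in each finding because a 200, as in both logged requests, only says that a page was served, not that the requested file was read.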

