Re: [CentOS] decode http hack attempt?
See: http://code.taobao.org/p/tpbase/diff/2/trunk/ThinkPHP/Library/Think/App.class.php if(!$module) { +if('4e5e5d7364f443e28fbf0d3ae744a59a' == CONTROLLER_NAME) { +header("Content-type:image/png"); +exit(base64_decode(App::logo())); +} I think it's way to detect if system is running vulnerable version of ThinkPHP? -- Eero 2015-09-24 16:53 GMT+03:00 Tony Mountifield : > In article < > e4bd3a73fc95477064436043eb8a37ed.squir...@webmail.harte-lyne.ca>, > James B. Byrne wrote: > > Can anyone de-cypher the second entry for me? > > > > - httpd Begin > > > > > > Requests with error response codes > > 403 Forbidden > >/: 9 Time(s) > >/?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s) > > > > I have found the string via Google but have not located any explanation. > > It appears to be something to do with a PHP framework called ThinkPHP. > One of the hits when searching for it is for ThinkPHP on Google Code. > > Perhaps there is a vulnerability in ThinkPHP, and this access is from > a machine scanning for vulnerable sites? Just a guess. > > I don't think it has a meaning - it's just a 128-bit number expressed in > hex. > > Cheers > Tony > > -- > Tony Mountifield > Work: t...@softins.co.uk - http://www.softins.co.uk > Play: t...@mountifield.org - http://tony.mountifield.org > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] decode http hack attempt?
In article , James B. Byrne wrote: > Can anyone de-cypher the second entry for me? > > - httpd Begin > > > Requests with error response codes > 403 Forbidden >/: 9 Time(s) >/?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s) > > I have found the string via Google but have not located any explanation. It appears to be something to do with a PHP framework called ThinkPHP. One of the hits when searching for it is for ThinkPHP on Google Code. Perhaps there is a vulnerability in ThinkPHP, and this access is from a machine scanning for vulnerable sites? Just a guess. I don't think it has a meaning - it's just a 128-bit number expressed in hex. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] decode http hack attempt?
Can anyone de-cypher the second entry for me? - httpd Begin Requests with error response codes 403 Forbidden /: 9 Time(s) /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s) I have found the string via Google but have not located any explanation. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos