This is Lamar Spells's TypePad Profile.
Join TypePad and start following Lamar Spells's activity
Join Now!
Already a member? Sign In
Lamar Spells
Recent Activity
I have seen the same LFI and code injection attacks discussed here and today yet more PHP attacks. This time, an attempt to exploit phpthumb via CVE-2010-1598. Full details along with IPs seen are at: http://foxtrot7security.blogspot.com/2011/12/new-attempts-to-exploit-old-phpthumb.html Anyone else see a big uptick in this activity today?
Toggle Commented Dec 23, 2011 on [Honeypot Alert] User Agent Field Arbitrary PHP Code Execution at SpiderLabs Anterior
Ryan, You are correct. This issue is apparently related to the awstats issue we discussed last week, along with some additional information regarding code injection against phpAlbum: http://foxtrot7security.blogspot.com/2011/12/attacks-against-awstats-also-includes.html
Toggle Commented Dec 19, 2011 on [Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected at SpiderLabs Anterior
@Ryan -- agree completely. There are also some older PHP versions running around out there and at least one of the IPs was/is running Joomla. Lots of other ways to attack other than Apache, but Apache seems to be a pretty common link. Of course, that's to be expected...
Toggle Commented Dec 16, 2011 on [Honeypot Alert] Awstats Command Injection Scanning Detected at SpiderLabs Anterior
Some additional analysis and advice: Patch your ancient versions of Apache too! http://foxtrot7security.blogspot.com/2011/12/importance-of-patching.html
Toggle Commented Dec 16, 2011 on [Honeypot Alert] Awstats Command Injection Scanning Detected at SpiderLabs Anterior
Lamar Spells is now following The Typepad Team
Dec 16, 2011
Subscribe to Lamar Spells’s Recent Activity
The Typepad Team
View all »
0 Favorites
Around The Web