Forum Topic: logs: /../../../../../..

Forum: .htaccess Forum : General • Posted by RememberToForget • Updated:

Here's a good one, from access logs:

"GET /KikChat/private.php?name=../../../../../../../../../../etc/passwd%00 HTTP/1.0"

"GET /private.php?name=../../../../../../../../../../etc/passwd%00 HTTP/1.0"

"GET /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00

"GET /gwebmail/?module=../../../../etc/passwd%00

"GET /asaancart%20v-0.9/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../etc/passwd%00

...he just goes on and on and on, 299 different 'hacky' requests. All ending with 'passwd'.

Amazing. I now live in my access logs. :)

I'm remarkably slow at learning all of this, I have trouble with left-brain processing. I'm like Ronald reagan in his 90's.

I'm trying to find a post of yours, somewhere on your site, I remember seeing /../../../../../. and you were like, in reference to these kind of scans, "Are you kidding me?! You're going to this much trouble?? That is one *dark* SOB." (or whatever).

So anyway, this guy is using some kind of automated scanner/robot, looking for access to some password file, is he not? It's like some hacker program, yeah?

And once they get some password, then what? They delete all my files? I do have a pretty big email subscriber list, but other than that I don't see anything that could be of value to someone. My guess is its the feeling of cleverness/grandiosity that motivates most of them to actually live in that world.

2 Replies to “logs: /../../../../../..”

Jeff Starr
Posted by Jeff Starr

Yes, that looks like a malicious script that's looking for a vulnerability to exploit. Some attackers want to steal information, others want to get in and stay hidden, and others just want to wreck stuff. But yeah, it's definitely some sort of script.

Here is the article I *think* you're referring to:

https://perishablepress.com/evil-incarnate-but-easily-blocked/

..and as you are on the topic, I figure these may be useful as well:

https://perishablepress.com/malicious-server-scans/

https://perishablepress.com/building-the-5g-blacklist/

The 5G article there has a diagram if you scroll through that should be interesting :)

Stay sharp.

Posted by RememberToForget •

My woman just printed out the Regex Character Definitions, and I just finished taping it to the wall next to my desk, because last night I decided, "It's 6G time."

(I'm not a copy/paste guy, I insist on knowing what a thing does.)

Alright.

I feel like I'm going to war. .htaccess ninja