dpubs-tech

[Dpubs-tech] Possible hack attempt?

[Henry G. <gri...@os...>]

Hi All,

While skimming through the AccessFailures logs, I found some unusual
requests that look like attempts to hack the site.  I recognize that such
attempts are not unusual, but wanted to double-check with y'all to see if
the pattern looks familiar and if there is any particular danger we should
be watching out for.

The slightly longer explanation is that the file
/DPubS/tmp/Subscription/AccessFailures.userid contains about a half dozen
entries in which the field for requested resource is not in DPubS format
(e.g., osul.dsq.test01/1205786348), but rather a URL.  I've copied and
pasted the URLs below, in case that might be helpful.

   - http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/.
   - http://www.clubnataciotortosa.com/UserFiles/File/edut/ade/.
   - http://www.landi-sempach-emmen.ch/aktionen/image/zafecez/roxovef/.
   - http://mojazubarka.sk/test/admin/sicaqe/jufoxir/.
   -
   http://www.ce-enterprise.com/inetonlinetk/shop/files/img/logo_DarkBlueStyle/goge/oxag/
   .
   - http://chyngachanga.ru/content/wuge/okup/.

I guessing that the fact that these are showing up in the
access*Failures*log suggests that there's probably nothing to worry
about, but I wanted to
double-check.

Thanks,
Henry
-- 
Henry Griffy
Program Coordinator, Documentation & Training
Scholarly Resources Integration Dept
The Ohio State University Libraries
600 Ackerman Rd.
Columbus, OH 43202
Ph: 614-247-4663
Fx: 614-292-2015

Re: [Dpubs-tech] Possible hack attempt?

[Shin-Woo K. <sk...@co...>]

Those look like some hack efforts.
It looks like some people used those urls in place of handle.
Those shouldn't cause any problem to the system.

Shin-Woo

> Hi All,
>
> While skimming through the AccessFailures logs, I found some unusual
> requests that look like attempts to hack the site.  I recognize that such
> attempts are not unusual, but wanted to double-check with y'all to see if
> the pattern looks familiar and if there is any particular danger we should
> be watching out for.
>
> The slightly longer explanation is that the file
> /DPubS/tmp/Subscription/AccessFailures.userid contains about a half dozen
> entries in which the field for requested resource is not in DPubS format
> (e.g., osul.dsq.test01/1205786348), but rather a URL.  I've copied and
> pasted the URLs below, in case that might be helpful.
>
>    - http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/.
>    - http://www.clubnataciotortosa.com/UserFiles/File/edut/ade/.
>    - http://www.landi-sempach-emmen.ch/aktionen/image/zafecez/roxovef/.
>    - http://mojazubarka.sk/test/admin/sicaqe/jufoxir/.
>    -
>    http://www.ce-enterprise.com/inetonlinetk/shop/files/img/logo_DarkBlueStyle/goge/oxag/
>    .
>    - http://chyngachanga.ru/content/wuge/okup/.
>
> I guessing that the fact that these are showing up in the
> access*Failures*log suggests that there's probably nothing to worry
> about, but I wanted to
> double-check.
>
> Thanks,
> Henry
> --
> Henry Griffy
> Program Coordinator, Documentation & Training
> Scholarly Resources Integration Dept
> The Ohio State University Libraries
> 600 Ackerman Rd.
> Columbus, OH 43202
> Ph: 614-247-4663
> Fx: 614-292-2015
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php_______________________________________________
> Dpubs-tech mailing list
> Dpu...@li...
> https://lists.sourceforge.net/lists/listinfo/dpubs-tech
>