I'm reading access logs from a customer account on an Ensim box, and this caught my eye:
[15/May/2004:08:38:11 -0400] "GET /modules.php?name=Forums HTTP/1.1" 500 540 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" "lang=english; phpbb2mysql_data
I'm not sure what that means, but all of this account's files have been deleted, not including the database. The logs have about 5 different IP addresses inside, and I traced them to 2 different states.
Would you say this was a successful hack attempt, or no?
"modules.php?name=Forums" is a valid PHP-Nuke request.
You may want to search the log for other reasons the files may have disappeared, especially with the gallery (Coppermine, My_eGallery, etc. modules that may be installed) Cross Site Scripting (XSS) holes that are now well known to most of the nuke community.
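Added example, not part of the thread: one way to act on the reply's suggestion to search the log, summarising `modules.php` requests per client IP and flagging gallery-module hits and 5xx responses. It assumes Apache's combined log format with the client IP first; the sample lines, IP addresses and the `triage`/`flagged` helper names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format; trailing fields (e.g. a logged cookie) are ignored.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')
# Gallery modules named in the reply; extend with whatever the account has installed.
WATCHED_MODULES = {"coppermine", "my_egallery"}
# Constructed sample lines using documentation IP ranges, not the customer's log.
SAMPLE_LOG = """\
192.0.2.10 - - [15/May/2004:08:38:11 -0400] "GET /modules.php?name=Forums HTTP/1.1" 500 540 "-" "Mozilla/4.0"
198.51.100.7 - - [15/May/2004:08:40:02 -0400] "GET /modules.php?name=My_eGallery HTTP/1.1" 200 8120 "-" "Mozilla/4.0"
198.51.100.7 - - [15/May/2004:08:40:09 -0400] "POST /modules.php?name=coppermine HTTP/1.1" 200 311 "-" "Mozilla/4.0"
192.0.2.10 - - [15/May/2004:08:41:30 -0400] "GET /index.php HTTP/1.1" 200 9042 "-" "Mozilla/4.0"
this line is truncated and does not parse
203.0.113.5 - - [15/May/2004:09:02:44 -0400] "GET /modules.php?name=Forums HTTP/1.1" 200 15230 "-" "Mozilla/4.0"
"""


def triage(lines):
    """Summarise modules.php traffic per client IP (lines assumed chronological)."""
    report = defaultdict(lambda: {"modules": set(), "watched": 0, "errors": 0,
                                  "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/modules.php"):
            continue  # only PHP-Nuke module requests are of interest here
        module = parse_qs(url.query).get("name", [""])[0]
        entry = report[m["ip"]]
        entry["modules"].add(module)
        entry["watched"] += module.lower() in WATCHED_MODULES  # bool adds as 0/1
        entry["errors"] += m["status"].startswith("5")
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(report)


def flagged(report):
    """IPs that touched a watched module or triggered a server error."""
    return sorted(ip for ip, e in report.items() if e["watched"] or e["errors"])


if __name__ == "__main__":
    print(flagged(triage(SAMPLE_LOG.splitlines())))
```

The first/last timestamps per IP can then be compared against the modification times of the account's directories to see which requests line up with the deletion.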