Oct 11, 2006

Union injection hackers

A hacker not already noticed in your blog tried to hack my site last week with triying to inject code in my php page. If you are interrresting, Here are their IP and domain name : 66.110.9.76 89.108.91.144 202.8.85.44 Domain icezinhu.by.ru They tried injection whith this command file texte http://icezinhu.by.ru/ice.txt


I checked the url and the hack file no longer exists. If you have not already installed M&M Autoban you should because it will let you scan for all of those hacks.

I am adding the domain by.ru as a hacker website. Here is the current list of sites hosting the injection scripts. For those that don't understand they will post a union injection into your script with the url of a text file to run. Your poorly written script will then run that script and they will get full access to your server.

void.ru
paupal.info
expl0itz.com
echo.or.id
200.72.130.29
persiangig.com
fullcrew.net
paginas.aol.com.br
shikoe.net
by.ru

M&M autoban scans all the post and get data strings looking for anything that might be an injection.

No comments: