2

I set up a website with my own custom PHP code. It appears that people from places like Ukraine are trying to hack it. They're trying a bunch of odd accesses, seemingly to detect what PHP files I've got.

They've discovered that I have PHP files called mail.php and sendmail.php, for instance. They've tried a bunch of GET options like:

     http://mydomain.com/index.php?do=/user/register/
     http://mydomain.com/index.php?app=core&module=global§ion=login
     http://mydomain.com/index.php?act=Login&CODE=00

I suppose these all pertain to something like LiveJournal?

Here's what's odd, and the subject of my question. They're trying this URL: 

     http://mydomain.com?3e3ea140

What kind of website is vulnerable to a 32-bit hex number?

Asker
  • 41
  • 1
  • 3
  • 1
    It's not so much that a host is *vulnerable* to a string, it's that a compromised host may reply in a specific way to specific GETs. POSTs/GETs are frequently used for controlling an infected host. It could very well be a bot just checking to see if this host is already infected. – jscott Nov 03 '12 at 23:24

1 Answers1

2

Maybe it's a "knock-knock" request, because it doesn't look like any common vulnerability. Please note, that script kiddies don't always know what they're doing.

FINESEC
  • 1,371
  • 7
  • 8
  • Knock-knock? Is that the technical term for it? – Asker Nov 03 '12 at 22:59
  • Well, it's how we call it (checking if a host is up) in our company ;-) – FINESEC Nov 03 '12 at 23:11
  • +1 - "script kiddies don't always know what they're doing". That shatters my vision of the hackers out there being really talented, misunderstood geniuses like they show in the movies. ;) – jmort253 Nov 03 '12 at 23:23
  • @jmort253 I've tried watching those movies. They're horrible. But the comedies that make fun of geeks, like The IT Crowd, are very good. – Asker Nov 04 '12 at 00:16
  • WarGames (1983) and Hackers (1995) were pretty good ;-) – FINESEC Nov 04 '12 at 00:25
  • Hackers? I fell asleep. Anyway, since when do the secret service have time to pursue hackers, when they're knee-deep in hoes? – Asker Nov 04 '12 at 02:51
  • @Asker: Maybe FINESEC confused it with Sneakers (1992)? – Teddy Nov 04 '12 at 04:37