Comments for PHP Vulnerabilities and Logging

[phinjensen]

Comments for https://www.endpointdev.com/blog/2012/03/php-vulnerabilities-and-logging/
By Steph Skardal

To enter a comment:

1. Log in to GitHub
2. Leave a comment on this issue.

[phinjensen]

original author: Greg Sabino Mullane
date: 2012-03-15T14:44:12-04:00

Perhaps the WordPress problems are not of the simple GET url variety?

[phinjensen]

original author: Steph Skardal
date: 2012-03-15T14:52:22-04:00

Greg: Yes, it's possible, but I should have noted that I was dumping all of the requests from this little crawler, not just GET requests. But absolutely, the WordPress vulnerabilities may be more complex and were just not what this crawler was trying to hit.

[phinjensen]

original author: Kirk Harr
date: 2012-03-15T22:01:42-04:00

I get these all the time in my firewall and access logs for web servers. It seems to be basically periodic sweeps of the entire public IP address space from random IPs in APNIC/RIPE. Likely these GET requests are just an initial ping to identify potential targets for exploit to be further investigated later. I also have almost no valuable data anywhere near accessible on those hosts, but the intertubes are seeming more hostile these days. The botnet arms race has really taken its toll.