Web Hosting Forum | Lunarpages
News: July 14, 2008 - New Contest! - Submit Your WordPress Theme Designs, Win BIG!
June 30, 2008 - Submit Your Site for the July 08 Site of the Month Award!
 
Home Help Search Calendar Login Register
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		July 25, 2008, 06:36:17 PM


Login with username, password and session length


Web Hosting Forum | Lunarpages > Lunarpages Web Hosting - Advanced Assistance > Lunarpages - Web Hosting, Email & PC Security > Someone trying to hack using "....xmlhttp://"?
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Someone trying to hack using "....xmlhttp://"?  (Read 584 times)
yave20b
Space Explorer
***
Offline Offline

Posts: 7
« on: April 14, 2008, 11:08:10 AM »
Starting about 2 weeks ago I've been seeing increased hacking attempts in my error logs.  I've figured out most of them and have put blocks in my htaccess file for most of them.  However, there is one I am getting hit with over and over again increasingly that I really can't find any information on.  The IP addresses from these attempts are always different and from all over the world.  Whatever or whoever is doing it always takes on the same basic pattern where they come to my website then type in the browser URL the following:

"http://www.mydomainname/sitemap.xmlhttp://hackersdomainname/images?" where "mydomainname" is my website's domain and "hackersdomainname" is someone else's domain....so far the two most frequent have been "workersparty.chat.ru" and "myweddingphotos.by.ru".

They always do this to my "/sitemap.xml" file.  When they do that it results in a 404 error.  As best I can tell, I've not seen any damage to my website from these attacks particular attempts.  I'm getting them about 3 or 4 times a day now. Does anyone know what the heck they are trying to accomplish from this?   
Logged
white_hacker
Trekkie
**
Offline Offline

Posts: 11
« Reply #1 on: April 17, 2008, 02:59:29 AM »
yave20b,

At a glance it may be a form of web service or cross-site request forgery attack. I won't get into the details of how they actually work. It's rather technical & there are many different ways to attack. If it follows the same pattern, it might simply be an automated scanner looking for holes. If it is a person doing it manually they don't seem to swift to keep trying the same pattern if it's clearly not working. There are a lot of script-kiddies or wannabe hackers. Who attempt to use tools with no real understanding how they work or what they are doing. Which is a good thing for the average user !. As someone shifting from the general I.T field into the hacking field (as an ethical hacker.. i.e good guy). I can't say what they are trying to do from the logs. The hacker mindset is rather unique & there's no standardized method hackers follow. I can only vaguely guess, even then it's impossible to get in someone's mind. No two hackers think alike.

What I would do personally is keep an eye on the logs, make sure all web scripts are up-to-date. That the files/folders don't have unnecessary access, i.e 755 permissions. Also do regular backups just in case. The reality is no computer connected to a network is safe from attacks. Web hosts being a prime target. Since it only takes one unsecured account on a shared server to get in. As long as there's no noticeable damage or changes, that's the main thing.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.3 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM