Possible security attack!

Hi,

I received more than 50 emails from my site with subject line "Possible security attack" and body as shown below:

======================================================

Total impact: 24

Affected tags: xss, csrf

Variable: REQUEST.body | Value: comment2, <a href=\"http://anime2share.com/blowjob/generic-viagr_a-meltabs.html\">samus aran hentai</a>, gecbdw, <a href=\"http://sandrascloset.net/m_in.html\">money coat of arms</a>, 700158, <a href=\"http://intervaluesa.com/a/language/f_naok_o.html\">keira knightley nude</a>, 550, <a href=\"http://www.triggerplus.com/FCKeditor/_testcases/003.html\">orochimaru is the savior</a>, 8-[, <a href=\"http://www.1healthweb.info/1health/wp-register.php\">craiglist antelope valley ca</a>, znml, <a href=\"http://www.fotep.com/search/Dali-Hell-101b.html\">miranda cosgrove gallery</a>, mdp, <a href=\"http://www.triggerplus.com/html-olds/c_ontact.html\">http://www.triggerplus.com/html-olds/c_ontact.html</a>, 930, <a href=\"http://www.fishmaldives.com/_derived/language/in_dex3.html\">yukiko

kimura nude</a>, 3723,

Impact: 12 | Tags: xss, csrf

Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2

Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

Variable: POST.body | Value: comment2, <a href=\"http://anime2share.com/blowjob/generic-viagr_a-meltabs.html\">samus aran hentai</a>, gecbdw, <a href=\"http://sandrascloset.net/m_in.html\">money coat of arms</a>, 700158, <a href=\"http://intervaluesa.com/a/language/f_naok_o.html\">keira knightley nude</a>, 550, <a href=\"http://www.triggerplus.com/FCKeditor/_testcases/003.html\">orochimaru is the savior</a>, 8-[, <a href=\"http://www.1healthweb.info/1health/wp-register.php\">craiglist antelope valley ca</a>, znml, <a href=\"http://www.fotep.com/search/Dali-Hell-101b.html\">miranda cosgrove gallery</a>, mdp, <a href=\"http://www.triggerplus.com/html-olds/c_ontact.html\">http://www.triggerplus.com/html-olds/c_ontact.html</a>, 930, <a href=\"http://www.fishmaldives.com/_derived/language/in_dex3.html\">yukiko

kimura nude</a>, 3723,

Impact: 12 | Tags: xss, csrf

Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2

Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

REMOTE_ADDR: 94.102.63.90

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /home/wmalluju/public_html/contact.php

QUERY_STRING:

REQUEST_URI: /contact.php

QUERY_STRING:

SCRIPT_NAME: /contact.php

PHP_SELF: /contact.php

==========================================================

The last email had a subject like "Security attack was stopped", with the body below:

==========================================================

Total impact: 44

Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.body | Value: comment3, <a href=\"http://muesca.es/visor3dcentro.htm\">schoolgirl virgin</a>, 9979, <a href=\"http://www.dynamicpsy.ro/hukj/language/12_2.html\">girls grabbing girls boobs</a>, :OOO, <a href=\"http://tribbett.org/indexn.html\">milk shakes recipes</a>, 758, <a href=\"http://torec.net/bha/5003.html\">7 up cake recipe</a>, frjpvi, <a href=\"http://jaytv.ch/spiractin/aldactone-sale-online.html\">cuckold creampie</a>, ywi, <a href=\"http://eunhyechung.com/de_au_lt7.html\">secretaria educacion soacha</a>, 1735, <a href=\"http://chinatripadvisor.com/english/help/453.screen.banners.client.html\">young glamour models tgp</a>, 01385, <a href=\"http://www.hohlraumvolumen.de/ki5/10112.html\">true sissy husband stories</a>, 2616,

Impact: 22 | Tags: xss, csrf, sqli, id, lfi

Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2

Description: Detects possible event handlers | Tags: xss, csrf | ID: 32

Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.body | Value: comment3, <a href=\"http://muesca.es/visor3dcentro.htm\">schoolgirl virgin</a>, 9979, <a href=\"http://www.dynamicpsy.ro/hukj/language/12_2.html\">girls grabbing girls boobs</a>, :OOO, <a href=\"http://tribbett.org/indexn.html\">milk shakes recipes</a>, 758, <a href=\"http://torec.net/bha/5003.html\">7 up cake recipe</a>, frjpvi, <a href=\"http://jaytv.ch/spiractin/aldactone-sale-online.html\">cuckold creampie</a>, ywi, <a href=\"http://eunhyechung.com/de_au_lt7.html\">secretaria educacion soacha</a>, 1735, <a href=\"http://chinatripadvisor.com/english/help/453.screen.banners.client.html\">young glamour models tgp</a>, 01385, <a href=\"http://www.hohlraumvolumen.de/ki5/10112.html\">true sissy husband stories</a>, 2616,

Impact: 22 | Tags: xss, csrf, sqli, id, lfi

Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2

Description: Detects possible event handlers | Tags: xss, csrf | ID: 32

Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 94.102.63.90

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /home/wmalluju/public_html/contact.php

QUERY_STRING:

REQUEST_URI: /contact.php

QUERY_STRING:

SCRIPT_NAME: /contact.php

PHP_SELF: /contact.php

==============================================================

Is there any problem for the site? It's a new installation of Dolphin 7. Please advise.

Quote · 30 Dec 2009
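When an install sends dozens of these reports, the useful triage question is what the flagged value actually contains: the quoted bodies are lists of anchor tags pointing at advertising sites, which trips the HTML-injection rules without carrying script or event-handler content. The parser below is an added example (not Dolphin or PHPIDS code) for the report format quoted above; the sample body, IP and links are constructed placeholders.

```python
import re

# Constructed sample modelled on the alert body quoted in the post; the spam
# links and the IP are placeholders, not the values from the original email.
SAMPLE_ALERT = r"""Total impact: 24
Affected tags: xss, csrf
Variable: REQUEST.body | Value: comment2, <a href=\"http://example.invalid/a.html\">spam one</a>, gecbdw, <a href=\"http://example.invalid/b.html\">spam two</a>, 700158,
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Variable: POST.body | Value: comment2, <a href=\"http://example.invalid/a.html\">spam one</a>, gecbdw, <a href=\"http://example.invalid/b.html\">spam two</a>, 700158,
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
REMOTE_ADDR: 203.0.113.5
"""

def parse_alert(body):
    """Turn one report body into a dict: totals, per-variable hits with rule IDs, and origin."""
    report = {"total_impact": 0, "affected_tags": [], "variables": [], "remote_addr": ""}
    current = None
    for line in body.splitlines():
        line = line.strip()
        if line.startswith("Total impact:"):
            report["total_impact"] = int(line.split(":", 1)[1])
        elif line.startswith("Affected tags:"):
            report["affected_tags"] = [t.strip() for t in line.split(":", 1)[1].split(",")]
        elif line.startswith("Variable:"):  # one block per request variable that matched
            name, _, value = line[len("Variable:"):].partition("| Value:")
            current = {"name": name.strip(), "value": value.strip(), "impact": 0, "rule_ids": []}
            report["variables"].append(current)
        elif line.startswith("Impact:") and current:
            current["impact"] = int(line.split("|")[0].split(":")[1])
        elif line.startswith("Description:") and current:  # every rule line carries "ID: n"
            current["rule_ids"].append(int(re.search(r"ID:\s*(\d+)", line).group(1)))
        elif line.startswith("REMOTE_ADDR:"):
            report["remote_addr"] = line.split(":", 1)[1].strip()
    return report

LINK_RE = re.compile(r'<a\s+href=\\?"https?://[^"\\]+\\?"\s*>', re.I)  # anchors; quotes may be backslash-escaped
ACTIVE_RE = re.compile(r'<script|javascript:|\bon\w+\s*=', re.I)       # markers of executable payload content

def triage(report):
    """Anchor-only values are comment spam; script or handler content is a real XSS attempt."""
    values = [v["value"] for v in report["variables"]]
    if any(ACTIVE_RE.search(v) for v in values):
        return "xss-payload"
    if sum(len(LINK_RE.findall(v)) for v in values) >= 3:
        return "link-spam"
    return "review"
```

Values that the mail client wrapped onto a second line (as in the quoted report) are not rejoined by this parser; the "link-spam" verdict plus a single REMOTE_ADDR across all reports is the pattern to rate-limit or CAPTCHA on the contact form rather than treat as a compromise.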

Search the forum; there are more than 100 posts about attacks (great advice).

Quote · 30 Dec 2009

Big Search Button Needed.


https://www.deanbassett.com
Quote · 30 Dec 2009

What's up with all the fuzzy avatars?

Quote · 30 Dec 2009
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.