www.example.com, using

I see a lot of requests for nonexistent php files on my website. They tend to have a querystring like appserv_root=http://www.example.com, using domains with evil-looking php code.

I am pretty confident that this is trying to make use of some php vulnerability or other. So, I am curious:

What vulnerability is this trying to make use of?
How does one protect against this vulnerability?
What in the site configuration would be changed if this vulnerability was successfully exploited?

10.01% popularity Vote Up Vote Down

: Are there any guidelines for laying out screen "real estate?" I'm wondering if there is any information about creating a decent page layout so that your website will appeal to users of all

@Jennifer507

Posted in: #WebsiteDesign

2 Comments

: Should meta descriptions be unique for each page? Specifically, I'm wondering about pages that have a purpose that is sort of removed from the main site. For example, a privacy policy page -

@Jennifer507

Posted in: #MetaDescription #Seo

2 Comments

: From .psd to working HTML and CSS I am not much of a designer. My strength lies in coding. That said, I'm often forced into the role of "The Man," responsible for all aspects of site

@Jennifer507

Posted in: #Css #Html #Psd #Template

4 Comments

: How important is the uniqueness of your domain name? I've finally come up with a domain name that I like and is available. The name is nonsensical and doesn't translate into anything meaningful

@Jennifer507

Posted in: #Domains

3 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Sarah324

Looks like they're trying to do a remote file include attack. Looks like this is the vulnerability they are trying to exploit but I'm not 100% sure of it. I'm guessing you look safe if you're not using that application and/or have register_globals turned off (which you always should).

10% popularity Vote Up Vote Down

Feed

: What is the purpose of the appserv_root requests? I see a lot of requests for nonexistent php files on my website. They tend to have a querystring like appserv_root=http://www.example.com, using

More posts by @Jennifer507

: Are there any guidelines for laying out screen "real estate?" I'm wondering if there is any information about creating a decent page layout so that your website will appeal to users of all

: Should meta descriptions be unique for each page? Specifically, I'm wondering about pages that have a purpose that is sort of removed from the main site. For example, a privacy policy page -

: From .psd to working HTML and CSS I am not much of a designer. My strength lies in coding. That said, I'm often forced into the role of "The Man," responsible for all aspects of site

: How important is the uniqueness of your domain name? I've finally come up with a domain name that I like and is available. The name is nonsensical and doesn't translate into anything meaningful

Login to post a comment!

1 Comments

Back to top | Use Dark Theme