Can anyone de-cypher the second entry for me?
--------------------- httpd Begin ------------------------
Requests with error response codes 403 Forbidden /: 9 Time(s) /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s)
I have found the string via Google but have not located any explanation.
In article e4bd3a73fc95477064436043eb8a37ed.squirrel@webmail.harte-lyne.ca, James B. Byrne byrnejb@harte-lyne.ca wrote:
Can anyone de-cypher the second entry for me?
--------------------- httpd Begin ------------------------
Requests with error response codes 403 Forbidden /: 9 Time(s) /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s)
I have found the string via Google but have not located any explanation.
It appears to be something to do with a PHP framework called ThinkPHP. One of the hits when searching for it is for ThinkPHP on Google Code.
Perhaps there is a vulnerability in ThinkPHP, and this access is from a machine scanning for vulnerable sites? Just a guess.
I don't think it has a meaning - it's just a 128-bit number expressed in hex.
Cheers Tony
See: http://code.taobao.org/p/tpbase/diff/2/trunk/ThinkPHP/Library/Think/App.clas...
if(!$module) {
+ if('4e5e5d7364f443e28fbf0d3ae744a59a' == CONTROLLER_NAME) {
+ header("Content-type:image/png");
+ exit(base64_decode(App::logo()));
+ }
I think it's way to detect if system is running vulnerable version of ThinkPHP?
--
Eero
2015-09-24 16:53 GMT+03:00 Tony Mountifield tony@softins.co.uk:
In article < e4bd3a73fc95477064436043eb8a37ed.squirrel@webmail.harte-lyne.ca>, James B. Byrne byrnejb@harte-lyne.ca wrote:
Can anyone de-cypher the second entry for me?
--------------------- httpd Begin ------------------------
Requests with error response codes 403 Forbidden /: 9 Time(s) /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s)
I have found the string via Google but have not located any explanation.
It appears to be something to do with a PHP framework called ThinkPHP. One of the hits when searching for it is for ThinkPHP on Google Code.
Perhaps there is a vulnerability in ThinkPHP, and this access is from a machine scanning for vulnerable sites? Just a guess.
I don't think it has a meaning - it's just a 128-bit number expressed in hex.
Cheers Tony
-- Tony Mountifield Work: tony@softins.co.uk - http://www.softins.co.uk Play: tony@mountifield.org - http://tony.mountifield.org _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Eero Volotinen -
James B. Byrne -
tony@softins.co.uk