[CentOS] decode http hack attempt?

Thu Sep 24 13:53:25 UTC 2015
Tony Mountifield <tony at softins.co.uk>

In article <e4bd3a73fc95477064436043eb8a37ed.squirrel at webmail.harte-lyne.ca>,
James B. Byrne <byrnejb at harte-lyne.ca> wrote:
> Can anyone de-cypher the second entry for me?
> 
> --------------------- httpd Begin ------------------------
> 
> 
>  Requests with error response codes
>     403 Forbidden
>        /: 9 Time(s)
>        /?c=4e5e5d7364f443e28fbf0d3ae744a59a: 3 Time(s)
> 
> I have found the string via Google but have not located any explanation.

It appears to be something to do with a PHP framework called ThinkPHP.
One of the hits when searching for it is for ThinkPHP on Google Code.

Perhaps there is a vulnerability in ThinkPHP, and this access is from
a machine scanning for vulnerable sites? Just a guess.

I don't think it has a meaning - it's just a 128-bit number expressed in hex.

Cheers
Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org