Founder and Lead Developer of Macrotone Consulting Ltd.
1 minute reading time (178 words)

Detected intrusion attempts

We have detected an unusual (for us) sudden spate of web attacks on our site by hackers which we thought we would share with the community.

These attacks have taken a different route to those we normally see. They have basically fallen into two separate categories:

Malicious User Agent:  
This attack vector describes where a hacker tries to access the site using a browser configured to send malicious PHP code in its user agent string (a small piece of text used to describe the browser to your server).  The idea behind it is that buggy log processing software will parse it and allow the hacker to gain control of the website.

Direct File Inclusion:
In this attack vector a hacker tries to trick vulnerable components into loading arbitrary files. Depending on the vulnerable component, the file will either be output verbatim or parsed as a PHP file. This allows attackers to disclose sensitive information about the site or to run malicious code uploaded to the site through another vulnerable vector, e.g. an unfiltered upload of executable PHP code.

Experiences with CSS and a table style
DBMS_FEATURE_USAGE_REPORT
 

By accepting you will be accessing a service provided by a third-party external to https://macrotoneconsulting.co.uk/

Go To Top

The Macrotone Consulting Web site would like to use cookies to store information on your computer, to improve our website. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site.