Detected intrusion attempts
We have detected an unusual (for us) sudden spate of web attacks on our site by hackers, which we thought we would share with the community.
These attacks have taken a different route from those we normally see. They fall into two separate categories:
Malicious User Agent:
In this attack vector a hacker tries to access the site using a browser configured to send malicious PHP code in its user agent string (a small piece of text used to describe the browser to your server). The idea behind it is that buggy log processing software will parse that string as code, allowing the hacker to gain control of the website.
Direct File Inclusion:
In this attack vector a hacker tries to trick vulnerable components into loading arbitrary files. Depending on the vulnerable component, the file will either be output verbatim or parsed as a PHP file. This allows attackers to disclose sensitive information about the site or to run malicious code uploaded to the site through another vulnerable vector, e.g. an unfiltered upload of executable PHP code.
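Both categories above can be spotted in the web server's access log. The following detector is an added example, not code from our site: it assumes Apache/Nginx "combined" log format, the sample log lines are constructed, and the function names are hypothetical. It treats the user agent purely as text and checks query parameters for directory traversal, including repeatedly percent-encoded forms.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format: ip - user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
PHP_TAG_RE = re.compile(r'<\?')                           # PHP open tag, long or short form
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')      # a ".." path segment

# Constructed sample lines (documentation IP range), not taken from real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=%252e%252e%252fconfig HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the list of findings for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparsed"]          # surface malformed lines instead of skipping them
    findings = []
    # The user agent is only ever pattern-matched as text, never evaluated.
    if PHP_TAG_RE.search(fully_decode(m["ua"])):
        findings.append("php-in-user-agent")
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if TRAVERSAL_RE.search(fully_decode(value)):
            findings.append(f"file-inclusion-param:{name}")
    return findings

def scan(lines):
    """Return (line number, findings) for every line with at least one finding."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, ", ".join(findings))
```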