Strange RFI attempt

zaphod · Postby **zaphod** » Sun Nov 08, 2009 6:54 pm

For lack of a better forum to put it in, I have a strange Remote file inclusion attempt I would like to share with you all.

If any mod knows a better forum on here for this message, please move it.

Here's the RFI I got...

Code: Select all

#: 13724 @: Sun,  8 Nov 2009 17:54:35 -0700
Host: host49-175-dynamic.61-82-r.retail.telecomitalia.it
IP: 82.61.175.49
Score: 3
Why blocked: Question mark at end of query. RFI (http). Spammer tolerant host network. 
Query: f=http://owned-nets.blogspot.com/2009/05/pro0f3th1sddbluelinebe.html?
Referer: 
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Reconstructed URL: http:// www.spambotsecurity.c0m /forum/viewtopic.php?f=http://owned-nets.blogspot.com/2009/05/pro0f3th1sddbluelinebe.html?

I checked out the page on blogspot, but saw no hostile code on it, well, none that immediately caught my eye. Does anyone see hostile crap buried in there? Could this be a slandering attempt against that page?

Zap hm?

(Feeling a little amused, and a little unsure.)

Postby **MysteryFCM** » Mon Nov 09, 2009 11:01 am

The blog is legit. It's entirely possible they're pulling the code from his post, but more likely they're just trying to fool people into thinking he's involved.

TeMerc Internet Countermeasures

Strange RFI attempt

Strange RFI attempt

Re: Strange RFI attempt

Who is online