simple security hole
Fixed a simple security hole in #taproot, uncovered unintentionally by an attack mounted ≈5hrs ago — the intent appeared to be to create new user accounts; the unintended result was the creation of a new, empty article.
Hundreds of requests were made against URLs similar to these:

  /articles/do.php
  /articles/modules.php?app=user_reg
  /articles/index.php?app=home&mod=public&act=register
  /action/sign_up
  /articles/sign_up.html
  /articles/?page=login&cmd=register
  /articles/tiki-register.php
  /articles/index.php?page=register&action=register
  /index.php?page=item&action=item_add
  /articles/index.php?user/create_form/
  /articles/join.php
  /articles/index.php?dll=register
  /articles/index.php?option=com_community&view=register
  /articles/register.php
  /articles/signup.php
Presumably these URLs correspond to registration pages that are exploitable on other systems — needless to say they are far too ugly to exist in #taproot! I’m unsure exactly why /articles was used as the base URL for the attack in all cases apart from two.

As these URLs don’t exist, and will never exist, it should be safe enough to add server- or application-level filters that immediately close any request which includes them.
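One way to spot and filter these probes from an access log, as an added example that is not part of the original post or of #taproot: the matcher below normalises each request target (path case, trailing slash, query-parameter order) before comparing it with the probed URLs listed above, so a re-ordered query string cannot slip past a plain string comparison. The log lines and client addresses are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# The registration URLs probed in the attack described in the post.
PROBED_URLS = [
    "/articles/do.php", "/articles/modules.php?app=user_reg",
    "/articles/index.php?app=home&mod=public&act=register", "/action/sign_up",
    "/articles/sign_up.html", "/articles/?page=login&cmd=register",
    "/articles/tiki-register.php", "/articles/index.php?page=register&action=register",
    "/index.php?page=item&action=item_add", "/articles/index.php?user/create_form/",
    "/articles/join.php", "/articles/index.php?dll=register",
    "/articles/index.php?option=com_community&view=register",
    "/articles/register.php", "/articles/signup.php",
]

def signature(target):
    """Normalise a request target to (path, set of query pairs) so that query
    parameter order, path case and a trailing slash cannot defeat the match."""
    parts = urlsplit(target)
    path = parts.path.rstrip("/").lower() or "/"
    return path, frozenset(parse_qsl(parts.query, keep_blank_values=True))

BLOCKLIST = {signature(u) for u in PROBED_URLS}

def is_probe(target):
    """True if the request target is one of the probed registration URLs."""
    return signature(target) in BLOCKLIST

# Combined-format access line: client address, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def scan_log(lines):
    """Return {client_ip: number of requests matching a probed URL}."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group(3)):
            hits[m.group(1)] += 1
    return dict(hits)

# Constructed sample log lines (not from the post); the second reorders the
# query parameters, which a plain string comparison would miss.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /articles/register.php HTTP/1.1" 404 162
203.0.113.7 - - [10/Oct/2020:13:55:37 +0000] "POST /articles/index.php?act=register&mod=public&app=home HTTP/1.1" 200 512
198.51.100.2 - - [10/Oct/2020:13:56:01 +0000] "GET /articles/ HTTP/1.1" 200 8123
203.0.113.7 - - [10/Oct/2020:13:56:10 +0000] "GET /action/sign_up HTTP/1.1" 404 162
""".splitlines()
```

The same `is_probe` check can sit in front of the application's router to reject a matching request before any handler (such as article creation) runs.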