[imp] strange log (imp attack?)

adoldo at forum.iss.it adoldo at forum.iss.it
Sat Jun 7 13:37:35 PDT 2003


Hi,

I found in the access.log of the HTTP server an access to login.php that redirects the request to Yahoo for password cracking.

Is it possible that this is a bug in PHP or in login.php of IMP?

The records in access.log are:




203.XXX.XXX.XXX - - [07/Jun/2003:22:01:26 +0200] "GET http://login.yahoo.com/config/login?.tries=1&.src=bl&login=XXXXXXX&passwd=YYYYY&n=1 HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

203.XXX.XXX.XXX - - [07/Jun/2003:22:01:26 +0200] "GET http://login.yahoo.com/config/login?.tries=1&.src=bl&login=XXX&passwd=YYY&n=1 HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"






and in error.log are:


[Sat Jun 07 22:01:26 2003] [error] [client 203.XXX.XXX.XXX] File does not exist: /var/www/html/XXXXX/config.php/login

[Sat Jun 07 22:01:26 2003] [error] [client 203.XXX.XXX.XXX] File does not exist: /var/www/html/XXXXX/config.php/login




(the 'X's substitute for the real values)




I have Horde 2.2.3 with IMP 3.2.1, PHP 4.3.1, Apache 2.0.45.




Thanks to all,


bye,


antonio


-------------------------------------------------------------
this mail was sent from http://forum.iss.it/mail
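
Added example, not part of the original post: one way to flag access.log records like the two above, where the request line carries an absolute URL (the form a client sends to a proxy) for a host the server does not serve. The sample lines are constructed from the masked record in the post with a documentation IP address; `LOCAL_HOSTS`, `SENSITIVE`, the local path and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: hostnames this server legitimately answers for.
LOCAL_HOSTS = {"webmail.example.org"}
# Parameter names that suggest credentials; their values are never reported.
SENSITIVE = {"passwd", "password", "login"}


def foreign_absolute_requests(lines, local_hosts=LOCAL_HOSTS):
    """Yield one finding per record whose request target is an absolute
    URL naming a host outside local_hosts."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format record
        url = urlsplit(m["target"])
        if url.scheme not in ("http", "https") or not url.hostname:
            continue  # ordinary origin-form target such as /imp/login.php
        if url.hostname.lower() in local_hosts:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        yield {
            "client": m["client"],
            "time": m["time"],
            "host": url.hostname.lower(),
            "path": url.path,
            "status": int(m["status"]),
            "answered_2xx": m["status"].startswith("2"),
            "has_credentials": bool(SENSITIVE & params.keys()),
        }

# Constructed sample: the post's masked record with a documentation IP,
# plus an ordinary local request for contrast.
SAMPLE = [
    '203.0.113.7 - - [07/Jun/2003:22:01:26 +0200] "GET http://login.yahoo.com/config/login?.tries=1&.src=bl&login=XXX&passwd=YYY&n=1 HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"',
    '203.0.113.7 - - [07/Jun/2003:22:02:10 +0200] "GET /horde/imp/login.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in foreign_absolute_requests(SAMPLE):
        print(finding)
```

The status code in each finding is the field to review first: the records in the post were answered with 404, matching the "File does not exist" entries in error.log.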

