Hack attemps...Maybe?

[r][m]

I've been seeing a lot of php and js scripts from various IP's in my log lately.
Don't know if it's really someone's lame hack attempt or someone who's just lost
their server.
My question was just answered when I tried to post here as "code" part of my log.
Definitely.
Of course HFS refuses these with a 404 Not found.
I have added to Events

Code: [Select]

[+request]
{.if|{.match|*.php*;*.js*|%url%.} |{: {.disconnect.}:}.}
And
[disconnected]
{.if|{.match|*.php*;*.js*|%url%.} |{:{.add to log|%ip% Disconnected .}:}.}
I am a bit puzzled as to how their doing this with out my log showing a
User Agent?

Now to sit back and watch (and learn)

[rejetto]

user-agent is not mandatory for the client

[Mars]

note the full path of their request and create it as virtual in the vfs, then the link return a web page which contain the attached image..
 

[uvbeenzaned]

Hackers would not want to hack anything small like an hfs server.  It's the truth.  They dream of hacking huge apache servers with mysql databases and all those goodies.

[r][m]

Mars
Thanks, I like it 

uvbeenzaned
While these guys may not have their doctorate degree in hacking,
they gave it a pretty good try. My log had about ever php call for admin, mysql and config
commonly used, as well as zen-cart, ecommerce, etc in js. Actually, I kinda learned some from
this.
I'll bet they're awful frustrated. 

[uvbeenzaned]

I guess I didn't realize all the stuff you really had in your log.