FCKeditor Vuln Scripts

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

FCKeditor Vuln Scripts

Unread post by gaia »

Not sure ASL would do it, since it's windows software, but it would be nice to have WAF block these:

Code: Select all

Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:50 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:55 +0000] "HEAD /fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:55 +0000] "HEAD /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:56 +0000] "HEAD /fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:57 +0000] "HEAD /fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:58 +0000] "HEAD /fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:06 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:31:59 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:00 +0000] "HEAD /fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:01 +0000] "HEAD /fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:01 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:02 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:02 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:04 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:05 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:05 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:06 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:07 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:08 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:09 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:16 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:09 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:10 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:11 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:11 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:12 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:13 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:14 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:15 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:16 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:17 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:18 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:18 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:19 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:26 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:20 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:20 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:21 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:22 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:22 +0000] "HEAD /ckeditor/ckfinder/core/connector/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:23 +0000] "HEAD /ckeditor/ckfinder/core/connector/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:24 +0000] "HEAD /ckeditor/ckfinder/core/connector/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:25 +0000] "HEAD /kcfinder/browse.php HTTP/1.1" 404 - "-" "-"
Oct 14 07:32:36 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:07:32:25 +0000] "PUT /ali.txt HTTP/1.1" 404 15995 "-" "-"
Oct 14 19:05:09 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:04:54 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:19 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:04:58 +0000] "HEAD /fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:19 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:03 +0000] "HEAD /fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:19 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:08 +0000] "HEAD /fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:13 +0000] "HEAD /fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:14 +0000] "HEAD /fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:15 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:15 +0000] "HEAD /fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:16 +0000] "HEAD /fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:17 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:17 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:18 +0000] "HEAD /fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:19 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:19 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:20 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:21 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:21 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:22 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:22 +0000] "HEAD /includes/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:29 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:23 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:24 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:24 +0000] "HEAD /includes/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:25 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:26 +0000] "HEAD /includes/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:26 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:27 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:28 +0000] "HEAD /admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:30 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:31 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:31 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:32 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:40 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:33 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:33 +0000] "HEAD /admin/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:34 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:35 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/asp/upload.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:35 +0000] "HEAD /admin/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:36 +0000] "HEAD /ckeditor/ckfinder/core/connector/asp/connector.asp HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:37 +0000] "HEAD /ckeditor/ckfinder/core/connector/php/connector.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:37 +0000] "HEAD /ckeditor/ckfinder/core/connector/aspx/connector.aspx HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:38 +0000] "HEAD /kcfinder/browse.php HTTP/1.1" 404 - "-" "-"
Oct 14 19:05:49 KVM1 www-access-mysite.com:  104.194.12.181 - - [14/Oct/2014:19:05:38 +0000] "PUT /ali.txt HTTP/1.1" 404 15995 "-" "-"
CentOS 6.9
ASL 4.0.19-37
Top
User avatar
hostingg
Forum User
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: FCKeditor Vuln Scripts

Unread post by hostingg »

some of those are bundled with Plesk on my linux system. I dont think you'd want to block those globally.
If everything was easy, then the world wouldn't need engineers.
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”