|Subject:||PHP script attack?|
|Posted by:||Brion (bl…@blah.com)|
|Date:||Mon, 24 Sep 2007|
Recently we've started getting error messages similar to the following:
Event ID: 2216
The script started from the URL '/thisdoesnotexistahaha.php' with parameters
'' has not responded within the configured timeout period. The HTTP server
is terminating the script.
The particular .php script involved has a different name each time. If I'm
reading this right, someone is trying to execute a php script somehow. The
server does host some websites that use php, and it has PostgreSQL installed
too. How are they attempting to execute a script? Via HTTP post? What are
they trying to do? Even if they find one of the php files on the server,
what good would it do them to execute it? Any advice is appreciated.