Possible attack..

I got a possible attack the other day, running RC3:

Please let me know if this is a bug, or someone trying to hack my site.. I think it's a bug since my site isen't even public yet...

------------------------------------------------------------------

MIME-Version: 1.0

From: =?UTF-8?B?QXZsaWph?= <contact@xxx.net>
Message-Id: <20091215111120.A87C527E03F0@CentOS-53-32-minimal.localdomain>
Date: Tue, 15 Dec 2009 12:11:20 +0100 (CET)

Total impact: 36
Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.DescriptionMe.0 | Value: mycB4Q &lt;a href=\&quot;http://jvrhoenvdwob.com/\&quot;&gt;jvrhoenvdwob&lt;/a&gt;, [url=http://oeitbmxpadif.com/]oeitbmxpadif[/url], [link=http://kbdqoqkycyuw.com/]kbdqoqkycyuw[/link], http://stxxffbxrnuh.com/
Impact: 9 | Tags: xss, csrf, id, rfe, lfi
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: REQUEST.DescriptionMe.1 | Value: mycB4Q &lt;a href=\&quot;http://jvrhoenvdwob.com/\&quot;&gt;jvrhoenvdwob&lt;/a&gt;, [url=http://oeitbmxpadif.com/]oeitbmxpadif[/url], [link=http://kbdqoqkycyuw.com/]kbdqoqkycyuw[/link], http://stxxffbxrnuh.com/
Impact: 9 | Tags: xss, csrf, id, rfe, lfi
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: POST.DescriptionMe.0 | Value: mycB4Q &lt;a href=\&quot;http://jvrhoenvdwob.com/\&quot;&gt;jvrhoenvdwob&lt;/a&gt;, [url=http://oeitbmxpadif.com/]oeitbmxpadif[/url], [link=http://kbdqoqkycyuw.com/]kbdqoqkycyuw[/link], http://stxxffbxrnuh.com/
Impact: 9 | Tags: xss, csrf, id, rfe, lfi
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: POST.DescriptionMe.1 | Value: mycB4Q &lt;a href=\&quot;http://jvrhoenvdwob.com/\&quot;&gt;jvrhoenvdwob&lt;/a&gt;, [url=http://oeitbmxpadif.com/]oeitbmxpadif[/url], [link=http://kbdqoqkycyuw.com/]kbdqoqkycyuw[/link], http://stxxffbxrnuh.com/
Impact: 9 | Tags: xss, csrf, id, rfe, lfi
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

REMOTE_ADDR: 67.169.62.19
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /var/www/html/join.php
QUERY_STRING:
REQUEST_URI: http://www.xxx.net/join.php
QUERY_STRING:
SCRIPT_NAME: /join.php
PHP_SELF: /join.php

This is not an attack...

is a protection antispam

I had this email too..

Someone tryed to sign up on your website for spaming and server reacted ( protected ) ok, it blocked that spammer

You know what is weird - I have two D7 sites that I haven't modified much, and they get attacked more or less constantly, but my CalTrade site where I have posted the link all over the place here has only had one or two attacks.  All I can think is there must be "bad things" that prowl the Internet looking for Boonex and Dolphin terms in the footer and other places, that a more modified site doesn't have.

Rob

Your probably right, when I had default boonex sitting there I had a few attacks.  Since heavily modifying and changing everything I haven't had one.

I'm cussing at my own system right now because it won't let me post an event that has a few links - and I am doing it from inside the admin panel!  I was going to take a quick minute an post an event that just got mailed to me, now I am totally pissed at my own system.

I got the same response on one of my sites. Discovered it came from a couple of embedded videos from YouTube. Not sure if that is really a serious thing, just thought I would pass it on..