
Hack attempt from contact form


GouMs


Hi guys !

I received yesterday more than 150 messages coming from the contact form, which seem to be hack attempts.
All those messages came from the fake email "[email protected]" and were sent in 2 minutes (seems fast to me for a human, probably software...)

Many contained some weird injection attempts, like
Message: /./././././././etc/passwd
Message: ../../../../../../../../etc/passwd.htm
Message: /etc/passwd
Message: `cat /etc/passwd`
Message: cat /etc/passwd
Message: ;cat /etc/passwd;
Message: &cat;/etc/passwd&
Message: |cat /etc/passwd


or

Message: ";printf(md5(acunetix_wvs_security_test));exit;//
Message: ;printf(md5(acunetix_wvs_security_test));exit;//
Message: ';printf(md5(acunetix_wvs_security_test));exit;//
Message: printf(md5(acunetix_wvs_security_test));exit;//

or even stuff like

Message:
SomeCustomInjectedHeader:injected_by_wvs
Message:
Set-Cookie: cookiename=cookievalue


and

Message: [email protected]' and '1'='0
Message: [email protected]" and "1"="0" --
Message: [email protected] and 1=1 --

or URL and file URL

Message: http://testphp.acunetix.com/acunetix_xsl_inclusion_test.xsl
Message: http://testphp.acunetix.com/acunetix_file_inclusion_test?
Message: http://www.acunetix.com

and weird code:
Message: 65536
Message: -1.0
Message: 0x3fffffff
Message: 0x80000000
Message: 0x7fffffff
Message: '
Message: 1acueca2f78aeedcb14049504dd593ef9c82

Well, that's not something I appreciate, but I don't think anything has been successfully hacked... Is there any security hole in Prestashop I should be aware of?

Did anyone receive similar messages? What can I do to be sure nothing has been hacked?

Thanks for your help !
Cheers
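A triage script for the kind of mailbox described above, added here as an example (it is not PrestaShop code and not from the original post): it tags each constructed submission with the probe family it resembles and flags senders that submit in bursts, which is the first check a defender would run before worrying about an actual compromise. The addresses, timestamps and thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample submissions (sender, timestamp, message) modelled on the
# payloads quoted in the post; the addresses and times are made up.
SUBMISSIONS = [
    ("probe@example.com", "2012-05-01 10:00:01", "/./././././././etc/passwd"),
    ("probe@example.com", "2012-05-01 10:00:02", ";printf(md5(acunetix_wvs_security_test));exit;//"),
    ("probe@example.com", "2012-05-01 10:00:03", "SomeCustomInjectedHeader:injected_by_wvs"),
    ("probe@example.com", "2012-05-01 10:00:04", "someone@example.com' and '1'='0"),
    ("probe@example.com", "2012-05-01 10:00:05", "0x7fffffff"),
    ("customer@example.com", "2012-05-01 11:30:00", "Is the blue jacket available in size M?"),
]

# One regex per probe family seen in the post; a message may match several.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|/etc/passwd"),
    "command_injection": re.compile(r"(^|[;&|`])\s*cat\b.*/etc/passwd"),
    "php_injection": re.compile(r"printf\(md5\(|\bexit;"),
    "header_injection": re.compile(r"^[A-Za-z][A-Za-z0-9-]*:\s*(?!//)\S", re.M),
    "sql_injection": re.compile(r"""(['"]|\s)\s*(and|or)\s+['"]?\d+['"]?\s*=\s*['"]?\d+|--\s*$""", re.I),
    "scanner_marker": re.compile(r"acunetix|injected_by_wvs", re.I),
    "boundary_value": re.compile(r"^(-?\d+(\.\d+)?|0x[0-9a-f]+|')$", re.I),
}

def classify(message):
    """Return the probe families a message matches; [] means it looks benign."""
    return [name for name, rx in SIGNATURES.items() if rx.search(message)]

def burst_senders(submissions, window=timedelta(minutes=2), threshold=5):
    """Senders with at least `threshold` submissions inside any sliding `window`."""
    by_sender = {}
    for sender, ts, _ in submissions:
        by_sender.setdefault(sender, []).append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = set()
    for sender, stamps in by_sender.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1  # slide the window start forward until it fits
            if end - start + 1 >= threshold:
                flagged.add(sender)
                break
    return flagged

def triage(submissions):
    """Return flagged messages with their families, plus senders that sent in bursts."""
    probes = [(s, m, classify(m)) for s, _, m in submissions if classify(m)]
    return {"probes": probes, "bursts": burst_senders(submissions)}
```

Messages that match a scanner family or come from a burst sender are noise to drop from the inbox; any message that matches none of them but still looks odd is the one worth reading by hand.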


Unfortunately that program is very strong and can find out any security holes your application or your server might have. It even gives examples of how you can break into the system if it finds something.

Anyway it did much more than you saw in the email -> there it tried to find problems with the contact form and how to inject code into headers to get the user/passwords from your system.

However most likely it didn't succeed. Ask your host to install mod_security - this mod automatically blocks any IP that scans the server in the way acunetix does.


You may want to try this coding:

<?php
// Abort the request if the scanner announces itself through its own
// request headers. isset() avoids "undefined index" notices on normal
// requests, which the original bare checks would have triggered.
if (isset($_SERVER['HTTP_ACUNETIX_PRODUCT']) ||
    isset($_SERVER['HTTP_ACUNETIX_SCANNING_AGREEMENT']) ||
    isset($_SERVER['HTTP_ACUNETIX_USER_AGREEMENT'])) {
    exit;
}
?>


Place that code in your header... Apparently this code works on Acunetix Web Vulnerability Scanner 2 & 3. Today we are at version 7, so the code needs to be tested. I will give it a try later.
Source: http://www.security-forums.com/viewtopic.php?p=241821&sid=c2097c7607cc2757890e1b2b49bfeb92

You can also read this: http://www.webhostingtalk.com/showthread.php?t=627447

The other solution is to place a Captcha generator in your contact form.
