"Fatal" error log -- successfully hacked or just an attempt?


#1

Hello, I noticed the following log labeled as “Fatal”:

ActionDispatch::ParamsParser::ParseError (795: unexpected token at 'alihack<%eval request("alihack.com")%> ')

Here’s the complete log:
https://pastebin.mozilla.org/8149652

It appears to just be a hacking attempt from a spammer IP, supposedly one of the worst known spammers according to the chatter I can find by Googling. Is is just an attempt? Or was it somehow successful? And if just an attempt, why is it labeled as “Fatal”?

Thanks.


(Ahmad Mushtaq) #2

Since that was a PUT request, can you share the JSON request if you can get hold of it?
To me it seems like the attacker was trying to target the routing engine of rails (actionpack), but seems they didn’t succeed, perhaps there is a known vulnerability and your system was patched.

Seems like they were trying to exploit this:
http://tools.cisco.com/security/center/viewAlert.x?alertId=27831

http://www.bing.com/search?q=rails+action+pack+vulnerability


#3

Thanks for the reply!

How would I find that?


(Sam Saffron) #4

Yes, its a standard log message rails outputs when it detects this issue. It returns an error page to that user.

I see alihack quite frequently on various forums.


#5

Thanks @sam for the reassurance! Good to know.