|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-03-15 07:55 UTC] ChristianMoore at attbi dot com
I use PHP on my site at www.psychosematic.com. For some reason, php.exe is trying to access the web, and it has nothing to do with my site.
My firewall logged these actions, performed by php.exe:
File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 283C (Heximal) 10300 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3216
Remote Name : www.ironmaiden.com
Remote Address : 213.86.54.15
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-04-5a-e9-5a-17
Source: 00-03-6d-11-12-fc
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x1d7b (Correct)
Source: 192.168.1.100
Destination: 213.86.54.15
Transmission Control Protocol (TCP)
Source port: 3216
Destination port: 80
Sequence number: 3479013436
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x3311 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 | ..Z.Z...m.....E.
0010: 00 30 F2 38 40 00 40 06 : 7B 1D C0 A8 01 64 D5 56 | .0.8@.@.{....d.V
0020: 36 0F 0C 90 00 50 CF 5D : 88 3C 00 00 00 00 70 02 | 6....P.].<....p.
0030: 40 00 11 33 00 00 02 04 : 05 B4 01 01 04 02 | @..3..........
File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 2B40 (Heximal) 11072 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3256
Remote Name : www.aimoo.com
Remote Address : 216.38.143.13
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-04-5a-e9-5a-17
Source: 00-03-6d-11-12-fc
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x8014 (Correct)
Source: 192.168.1.100
Destination: 216.38.143.13
Transmission Control Protocol (TCP)
Source port: 3256
Destination port: 80
Sequence number: 74775255
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x8b0d (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 | ..Z.Z...m.....E.
0010: 00 30 FD 07 40 00 40 06 : 14 80 C0 A8 01 64 D8 26 | .0..@.@......d.&
0020: 8F 0D 0C B8 00 50 04 74 : FA D7 00 00 00 00 70 02 | .....P.t......p.
0030: 40 00 0D 8B 00 00 02 04 : 05 B4 01 01 04 02 | @.............
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Dec 04 18:00:01 2025 UTC |
Either your scripts are deliberately accessing the network using something like fopen("http://...."), or your scripts are insecure and are allowing hackers to do that. This is not a bug in PHP; please check your scripts, and re-read the security section of the PHP manual.