Hi! This isn't really an attack against a blog or blog type per se, it's a directory transversal or Local File Inclusion type attack to get access to files that one normally wouldn't have access to, such as the '/etc/passwd' file in this case. You'd use some of the same code to issue commands to a server and all kinds of other 'fun' things. As to the types of attacks I see the most, it's usually folks looking for Proxies or people looking for database access through phpmyadmin. :) Missy On 9/22/08 12:50 PM, "Eric Weston" <[log in to unmask]> wrote: > We host a blog, running on B2Evolution (Apache Linux), and I see one > particular expoit attempt in our logs a great deal. It doesn't work > against our blog instance, but since I see this attempted so often, I > figure it either is effective against earlier versions of b2evolution, > or perhaps against some other blog software. I see lots of variations of > it, but they are all GET requests for something like: > > our.blog.url/index.php?blog=../../../../../../../etc/passwd > > Sometimes the URL variable name is different, or some other variation. > > Anyone know what blog software is or was vulnerable to this attack? > > Also, what are the most common attacks/probes you see against Apache > webservers? I'm making a top five list. (I've read "High Fidelity", > obviously) > > Thanks, > E.B.W.