Strange people with strange code...

from man pages (this is just waht came up initally for each, ask if you want me to bother getting more... if there's system customization, i'm on RH9)

Quote: UNAME(1) FSF UNAME(1)

NAME
uname - print system information

SYNOPSIS
uname [OPTION]...

DESCRIPTION
Print certain system information. With no OPTION, same as -s.

-a, --all
print all information, in the following order:

-s, --kernel-name
print the kernel name

-n, --nodename
print the network node hostname

-r, --kernel-release
print the kernel release

-v, --kernel-version
print the kernel version

-m, --machine
print the machine hardware name

-p, --processor
print the processor type

-i, --hardware-platform
print the hardware platform

-o, --operating-system
print the operating system

--help display this help and exit

--version
:

cat just prints to an output. none seleted is the terminal.

cat /etc/passwd|grep nobody

that grabs every line from etc/passwd (where your PASSWORDS are stored) that is for the user nobody (standard user for running things like WEB SERVERS

Quote: HOSTNAME(1) Linux Programmerâs Manual HOSTNAME(1)

NAME
hostname - show or set the systemâs host name
domainname - show or set the systemâs NIS/YP domain name
dnsdomainname - show the systemâs DNS domain name
nisdomainname - show or set systemâs NIS/YP domain name
ypdomainname - show or set the systemâs NIS/YP domain name
nodename - show or set the systemâs DECnet node name

SYNOPSIS
hostname [-v] [-a] [--alias] [-d] [--domain] [-f] [--fqdn] [-i] [--ip-
address] [--long] [-s] [--short] [-y] [--yp] [--nis] [-n] [--node]

hostname [-v] [-F filename] [--file filename] [hostname]

domainname [-v] [-F filename] [--file filename] [name]

nodename [-v] [-F filename] [--file filename] [name]

hostname [-v] [-h] [--help] [-V] [--version]

dnsdomainname [-v]
nisdomainname [-v]
ypdomainname [-v]

DESCRIPTION
Hostname is the program that is used to either set or display the cur-
rent host, domain or node name of the system. These names are used by
many of the networking programs to identify the machine. The domain
name is also used by NIS/YP.

GET NAME
When called without any arguments, the program displays the current
names:

hostname will print the name of the system as returned by the gethost-
name(2) function.

domainname, nisdomainname, ypdomainname will print the name of the sys-
tem as returned by the getdomainname(2) function. This is also known as
:

Quote: LS(1) FSF LS(1)

NAME
ls - list directory contents

SYNOPSIS
ls [OPTION]... [FILE]...

DESCRIPTION
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuSUX nor --sort.

Mandatory arguments to long options are mandatory for short options
too.

-a, --all
do not hide entries starting with .

-A, --almost-all
do not list implied . and ..

--author
print the author of each file

-b, --escape
print octal escapes for nongraphic characters

--block-size=SIZE
use SIZE-byte blocks

-B, --ignore-backups
do not list implied entries ending with ~

-c with -lt: sort by, and show, ctime (time of last modification of
file status information) with -l: show ctime and sort by name
otherwise: sort by ctime

-C list entries by columns

--color[=WHEN]
control whether color is used to distinguish file types. WHEN
may be âneverâ, âalwaysâ, or âautoâ

-d, --directory
list directory entries instead of contents

-D, --dired
generate output designed for Emacsâ dired mode

-f do not sort, enable -aU, disable -lst

-F, --classify
append indicator (one of */=@|) to entries

--format=WORD
across -x, commas -m, horizontal -x, long -l, single-column -1,
verbose -l, vertical -C

--full-time
like -l --time-style=full-iso

-g like -l, but do not list owner

-G, --no-group
inhibit display of group information

-h, --human-readable
print sizes in human readable format (e.g., 1K 234M 2G)

--si likewise, but use powers of 1000 not 1024

-H, --dereference-command-line
follow symbolic links on the command line

--indicator-style=WORD append indicator with style WORD to entry names:
none (default), classify (-F), file-type (-p)

-i, --inode
print index number of each file

-I, --ignore=PATTERN
do not list implied entries matching shell PATTERN

-k like --block-size=1K

-l use a long listing format

-L, --dereference
when showing file information for a symbolic link, show informa-
tion for the file the link references rather than for the link
itself

-m fill width with a comma separated list of entries

which is the long listing for those things with ls -la
if a dir then they know everything about the dir, otherwise the file, that shows up in a ls -la

looks to me like the script is getting info to see if you're open to e-mail relaying... so they can use you as a proxy

wow. that sucks.

Gah, some people...
Oh well, at least now I know I'm safe from this "threat"

Thanks

no problem. glad i could be of some assiistance.

like i said, it LOOKS to me like they are looking to see if they can use you as an e-mail relay. it looks like tha tbecause i can't think of any other reason to want both the user info from passwd for nobody AND the the hostname AND the information they'd retrieve from sendmail. there could be other things, as well as numerous other things they can do witht he pw to nobody.

can you give tme the site's ip so i can block it in my firewall?

IP: 80.250.164.242

That code will do nothing to your system.

The code on their site was intended to run on their server,
and output the results. However, the page is not being sent
through the PHP interpreter (by Apache).

I do something similar on my site (link - see "Shell Simulation"), but mine actually works.

Oh cool Thanks Mark