A new kind of hack?

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Caliderumba
Joomla! Fledgling
Posts: 1
Joined: Fri Feb 28, 2014 10:58 pm

Post by Caliderumba » Tue Jul 15, 2014 4:52 pm

For a few weeks now, I have seen somebody trying to hack my site using the following:

** Local File Inclusion [POST:path] => /../../../qq5.txt
** Local File Inclusion [REQUEST:path] => /../../../qq5.txt

**PAGE / SERVER INFO


*REMOTE_ADDR :
212.227.58.213

*HTTP_USER_AGENT :
Mozilla/3.8 (Windows; U; Windows NT 3.6; en-US; rv:2.6.8.7) Gecko/20140715180316 Firefox/1.8.3

*REQUEST_METHOD :
POST

*QUERY_STRING :
140715-180316



** SUPERGLOBALS DUMP (sanitized)


*$_GET DUMP
 -[140715-180316] =>


*$_POST DUMP
 -[path] => /qq5.txt
 -[raw_data] => hacked by you


*$_COOKIE DUMP


*$_REQUEST DUMP
 -[140715-180316] =>
 -[path] => /qq5.txt
 -[raw_data] => hacked by you

I just want to warn the whole community about this. This attack does nothing on my site; I use Marco's Interceptor, also Admin Tools and the security options from the sh404SEF component. But when I Google it, what I see is only a site that has been hacked; I don't find much info.
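
A triage sketch for alert reports shaped like the one quoted in this post, added here as an example and not part of the original post or of any Joomla extension: it extracts the flagged parameters and checks whether each value would resolve outside a base directory. The field layout is inferred from this single sample, and the base directory `/srv/www/site/tmp` is a hypothetical placeholder.

```python
import posixpath
import re

# Abridged copy of the alert text quoted in the post above.
SAMPLE_REPORT = """\
** Local File Inclusion [POST:path] => /../../../qq5.txt
** Local File Inclusion [REQUEST:path] => /../../../qq5.txt
*REMOTE_ADDR :
212.227.58.213
*REQUEST_METHOD :
POST
*$_POST DUMP
 -[path] => /qq5.txt
 -[raw_data] => hacked by you
"""

# "** <rule> [<SOURCE>:<param>] => <value>" lines, as seen in the sample.
DETECTION = re.compile(
    r"^\*\* (?P<rule>.+?) \[(?P<source>\w+):(?P<param>[^\]]+)\] => (?P<value>.*)$")
# "*NAME :" header lines whose value sits on the following line.
FIELD = re.compile(r"^\*(?P<name>[A-Z_]+) :$")


def escapes_base(value, base="/srv/www/site/tmp"):
    """True if value, appended to base, resolves outside base (base is hypothetical)."""
    resolved = posixpath.normpath(posixpath.join(base, value.lstrip("/")))
    return posixpath.commonpath([base, resolved]) != base


def parse_report(text):
    """Return the detections and server fields found in one alert report."""
    report = {"detections": [], "fields": {}}
    pending = None  # name of a "*NAME :" header still waiting for its value
    for line in (raw.rstrip() for raw in text.splitlines()):
        if pending and line:
            report["fields"][pending] = line.strip()
            pending = None
            continue
        match = DETECTION.match(line)
        if match:
            hit = match.groupdict()
            hit["traversal"] = escapes_base(hit["value"])
            report["detections"].append(hit)
            continue
        match = FIELD.match(line)
        pending = match.group("name") if match else None
    return report
```

On the sample, both detections are marked as traversal, while the sanitized `/qq5.txt` from the `$_POST` dump stays inside the base directory.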

itoctopus
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada

Re: A new kind of hack?

Post by itoctopus » Tue Jul 15, 2014 9:16 pm

I've seen this before - and it was harmless because of a software firewall. I did notice, by the way, that lately there is a surge in trying to hack a Joomla website through JCE (specifically the "Image Manager").
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

