Insert spam files using POST query

[jeyganesh_77]

Recently our website hacked, we resolved all issues such as upload the old backup and db scripts. but we review the our server log every day many IPs are try to insert the spam files using POST query.

our server log:

Code: Select all

85.214.51.0 - - [22/Aug/2016:19:11:36 +0200] "GET /x.php HTTP/1.1" 200 1465 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
5.196.121.0 - - [22/Aug/2016:19:11:36 +0200] "GET /x.php HTTP/1.1" 404 1465 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"

our website url: speedstep.de

Please let me know how the spammer insert the spam file using POST query... we have strong FTP password, protect the admin using google authentication. still we have received the type of POST queries.

[toivo]

When you cleaned your site, did you follow the instructions from the sticky post at the top of this forum:
http://forum.joomla.org/viewtopic.php?f=714&t=757645

Just above your post there is a link to the Forum Post Assistant (FPA). Including the output from FPA will help others to see if there is something in the configuration of your server or some vulnerable extension: http://forum.joomla.org/viewtopic.php?f=621&t=582860

[JAVesey]

Recently our website hacked, we resolved all issues such as upload the old backup and db scripts. but we review the our server log every day many IPs are try to insert the spam files using POST query.

You say "try" but don't say if the attempts were successful.

I would suggest that attempts such as this are common on the 'net and you won't actually stop the attempts themselves but can help prevent their success by keeping your code (joomla core + extensions) up to date and using a secure hosting provider.