Page 1 of 1

Help with security issues. Please see code

Posted: Sun Feb 17, 2008 7:40 pm
by bvrettski
I have been experiencing a number of attacks and hacks on my joomla sites. I have been trying to follow security guidelines here and implement them as best I can. One thing I have done is to watch my logs to see who is visiting. I found a number (7) of the following yesterday all from different host numbers. They all happened seconds apart:

Host: [RussW: Removed, irrelevant to discussion or resolution]

//administrator/components/com_securityimages/lang.php?mosConfig_absolute_path=[RussW: Removed, irrelevant to discussion or resolution] ?
Http Code: 403 Date: Feb 17 06:49:44 Http Version: HTTP/1.1 Size in Bytes: 581
Referer: -
Agent: libwww-perl/5.803

When I went to http://[RussW: Removed, irrelevant to discussion or resolution] ? I found the following script.

[RussW: References to Exploit, Country, Names or Detail have been removed, these are irrelevant to the discussion and offer nothing to assist with issue resolution.]

Can someone tell me what this is trying to do?

Re: Help with security issues. Please see code

Posted: Tue Feb 19, 2008 2:44 am
by mandville
its scanning your site for vulnerabilities

http://cyberphob1a.wordpress.com/2008/0 ... -networks/

Re: Help with security issues. Please see code

Posted: Tue Feb 19, 2008 3:45 am
by bvrettski
Thanks..that was my suspicion. How do I report and fight against this sort of thing?

Re: Help with security issues. Please see code

Posted: Tue Feb 19, 2008 4:02 am
by mandville
report it to the host or domain registrar, enable the htaccess and read the security faq

Re: Help with security issues. Please see code

Posted: Thu Feb 21, 2008 11:01 pm
by Geoff

Re: Help with security issues. Please see code

Posted: Thu Feb 21, 2008 11:10 pm
by bvrettski
I'm well aware of the security FAQ but thanks. Its a bit overwhelming trying to understand the ins and out of security so when I post its usually becasue I'm looking for something more specific, that i haven't been able to find.

In this case understanding the code I posted above and what sort of attack this might be, if it was an attack. So the security FAQ wasnt much help.

Re: Help with security issues. Please see code

Posted: Tue Feb 26, 2008 5:33 am
by RussW
@bvrettski

I believe that if you spend time working through the Security FAQ's, Stickies and the many many posts with similar if not the same information you will find that your questions are answered in great detail, also as a learning experience you will start to develop a better understanding of the requirements of running a secure site and learn more regarding what the attempted exploit was doing. Some PHP experience will assist you greatly also.

We do understand the FAQ's are large and contain a lot of information, of which is very new to many folks, but working through the FAQ's one by one and point by point, rather than trying to attack the complete document in one session will ease the learning process and provide for a better overall understanding of security techniques and measures.