showall=1&start=1 What is this in my error logs?

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
PPAAA
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 04, 2008 4:01 am

showall=1&amp;start=1 What is this in my error logs?

Post by PPAAA » Fri Feb 29, 2008 4:23 pm

I am getting this in my error logs:

/someword/51-someword/?tmpl=component&amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;print=1&amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;showall=1&amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; start=1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;showall=1&amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;showall=1&amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;showall=1&amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;start=1& amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;showall=1& amp;amp;amp;amp;amp;amp;amp;amp;amp;showall=1&amp; amp;amp;amp;amp;start=1&amp;amp;amp;showall=1& amp;showall=1&start=1


Or like this:

/someword/51-someword/?tmpl=component&amp;amp;amp;amp; amp;amp;amp;amp;print=http://www.somesite.ru/en/tis/ leboma/&amp;amp;amp;amp;amp;amp;showall=1&amp; amp;amp;amp;start=1 ->

I received over one hundred of these with different site names.

Question - should I be glad these are only in my error logs and not actually going out to those sites? Or are they going out to those sites as well?

What is the attackers purpose in this? Is it to harrass, exploit a weakness, send spam, use up bandwidth, what? Please, don't post any general answers to these questions. I am not looking for sympathizers, just facts.

Finally, is there a way to prevent these from happening again?

Thanks, and yes I have read the Security FAQs and read through these postings. I did not see this, or perhaps recognize what to call it.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: showall=1&amp;start=1 What is this in my error logs?

Post by RussW » Fri Feb 29, 2008 10:01 pm

PPAAA wrote:I am getting this in my error logs:
/someword/51-someword/?tmpl=component&amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; amp;amp;amp;amp;amp;amp;print=1&amp;amp;amp;amp; [truncated] start=1&amp;amp;amp;showall=1& amp;showall=1&start=1

Or like this:

/someword/51-someword/?tmpl=component&amp;amp;amp;amp; amp;amp;amp;amp;print=http://www.somesite.ru/en/tis/ leboma/&amp;amp;amp;amp;amp;amp;showall=1&amp; amp;amp;amp;start=1 ->

I received over one hundred of these with different site names.

Question - should I be glad these are only in my error logs and not actually going out to those sites? Or are they going out to those sites as well?

What is the attackers purpose in this? Is it to harrass, exploit a weakness, send spam, use up bandwidth, what? Please, don't post any general answers to these questions. I am not looking for sympathizers, just facts.

Finally, is there a way to prevent these from happening again?

Thanks, and yes I have read the Security FAQs and read through these postings. I did not see this, or perhaps recognize what to call it.

Google and Wikipedia is your friend, this looks like an attempt at buffer overflow, either to crash the site/server or to fill a buffer until it is useable in an exploit, not a very sophisticated attempt either.

Without seeing for information and further investigation all assistance will be "generic" with generic information being supplied and therefore if you have read the Security FAQ's and Stickies, you will now know that there is now a need for "you" as the end-user, to further research and learn about your environment, which is hosting, webserving and systems administration if you wish to continue to maintain a relatively safe and secure website.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

PPAAA
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 04, 2008 4:01 am

Re: showall=1&amp;start=1 What is this in my error logs?

Post by PPAAA » Fri Feb 29, 2008 10:10 pm

attempt at buffer overflow
Thank you for the insight. Now I have a name for what was going on.

Has anyone had experience with this? Would preventative measures be on my end, the servers, or both?
(I am not running my own server.)

Thanks.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: showall=1&amp;start=1 What is this in my error logs?

Post by RussW » Sat Mar 01, 2008 4:03 am

This is external to Joomla! thus, from the perspective of Joomla! there is nothing more than standard in built protection mechanisms to offer.
Google and Wikipedia is your friend, this looks like an attempt at buffer overflow, either to crash the site/server or to fill a buffer until it is useable in an exploit, not a very sophisticated attempt either.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/


Locked

Return to “Security in Joomla! 1.5”