Weird log access

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, PhilD, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
User avatar
dude28039933
Joomla! Explorer
Joomla! Explorer
Posts: 293
Joined: Thu Nov 21, 2013 10:51 am
Location: Hrvatska

Weird log access

Postby dude28039933 » Thu Sep 14, 2017 11:20 am

Hi everybody,
I have a question ragarding some Log entries I've got from my server, since I've installed https://extensions.joomla.org/extension/marco-s-sql-injection/, and of course, I got email notification about possible hacking, so I decided to up the antie with my site security. I already have admin exile for hiding my backend and brute force detection, but this is a little plugin that does great stuff. Anyway, I was checking the logs and found this (I will modify it so I don't show any juicy information but)

"GET /administrator/index.php?option=com_login HTTP/1.1" 200 793,

so basically somebody got the 200 code for my backend, although i have key and token for it through admin exile, I see not many traffic was done when he accessed it, I don't see any unusual activity on my site, no backlinks, nothing is slower... should I be worried for this?
Last edited by toivo on Thu Sep 14, 2017 11:47 am, edited 1 time in total.
Reason: mod note: changed the link to point to JED - please read the forum rules at https://forum.joomla.org/viewtopic.php?f=8&t=65
There are no stupid questions, only stupid answers...

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3493
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Weird log access

Postby abernyte » Sat Sep 16, 2017 6:03 pm

The Marcos notifications are the attempts to enter your site not specifically successful exploits. What does your site logs say regarding who accessed what?
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

User avatar
dude28039933
Joomla! Explorer
Joomla! Explorer
Posts: 293
Joined: Thu Nov 21, 2013 10:51 am
Location: Hrvatska

Re: Weird log access

Postby dude28039933 » Sun Sep 17, 2017 12:29 pm

Well logs just say he got a 200 code when he tried to enter the mysite.com/administrator section using GET option and he entered mysite.com/administrator/index.php?option=com_login, but my backend is hidden with adminexile with token and a key. It's just that 200 code that bugs me...
There are no stupid questions, only stupid answers...

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3493
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Weird log access

Postby abernyte » Sun Sep 17, 2017 2:01 pm

It was probably a bot. If you see no further activity in the logs from that IP after the GET you should be fine. :eek:
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

User avatar
dude28039933
Joomla! Explorer
Joomla! Explorer
Posts: 293
Joined: Thu Nov 21, 2013 10:51 am
Location: Hrvatska

Re: Weird log access

Postby dude28039933 » Sun Sep 17, 2017 6:20 pm

Well, yeah, that was only activity I got from that IP, but when I tried the same thing, and tested the adminexile like that, I jost got the blank page...
There are no stupid questions, only stupid answers...


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 3 guests