Bots requesting /component/ajax/?format=json

Posted: Thu Dec 06, 2018 3:16 pm
by bjrn
Recently I've noticed on a few of the sites we maintain that bots are requesting /component/ajax/?format=json in larger amounts (going from zero or single digits per day to a few thousand).

Is there anyone here who has also experienced this and/or has a clue as to what might be going on?

Edit: The site itself isn't loading this resource for normal visitors. And the requests are coming from all over, not a specific IP address.

Re: Bots requesting /component/ajax/?format=json

Posted: Thu Dec 06, 2018 5:36 pm
by sozzled
I haven't seen this problem recently but I have encountered similar incidents like this before. The attack is symptomatic of Basically it's a trial-and-error attempt to identify what software is operating on your website and how best the attacker can exploit known vulnerabilities with that software. The problem in combating these attempts is that IP-based blocking will not work because the attacker(s) is/are using fast flux to hide their location.

You could add a redirect rule to your .htaccess file to detect and deny URLs containing the string "/component/ajax/?format=json" or use Joomla's Redirect Manager (see also viewtopic.php?f=714&t=958501).

Re: Bots requesting /component/ajax/?format=json

Posted: Tue Mar 12, 2019 8:00 pm
by barrycox
yes, i'm seeing a lot of those... they seem to try for several hours every tuesday am...

thanks for the tip and the links. i am implementing (along with the wp* one). i'll find out if that url is used for something else...
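
An added example, not part of any post in this thread: before denying the URL, a log check like the one below shows how many requests hit /component/ajax/?format=json per day, from how many distinct addresses, and whether any carry a Referer from the site's own pages (a hint that something legitimate uses the endpoint). The log lines, the host name www.example.org and the `module=cart` parameter are constructed for illustration, and Apache "combined" log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Dec/2018:09:12:01 +0000] "GET /component/ajax/?format=json HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Dec/2018:09:12:03 +0000] "POST /component/ajax/?format=json HTTP/1.1" 200 512 "-" "python-requests/2.20"
192.0.2.55 - - [04/Dec/2018:09:13:40 +0000] "GET /component/ajax/?module=cart&format=json HTTP/1.1" 200 88 "https://www.example.org/shop" "Mozilla/5.0"
203.0.113.7 - - [04/Dec/2018:09:14:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.99 - - [05/Dec/2018:02:00:11 +0000] "GET /component/ajax/?format=json HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def summarize(log_text, site_host):
    """Per day: hits on /component/ajax/ with format=json, distinct client
    IPs, and hits whose Referer is the site itself (possible real use)."""
    days = defaultdict(lambda: {"hits": 0, "ips": set(), "same_site": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != "/component/ajax":
            continue
        if parse_qs(url.query).get("format") != ["json"]:
            continue
        d = days[m["day"]]
        d["hits"] += 1
        d["ips"].add(m["ip"])
        # Referer is client-supplied, so treat a match as a hint, not proof.
        if urlsplit(m["referer"]).hostname == site_host:
            d["same_site"] += 1
    return {day: {"hits": v["hits"], "distinct_ips": len(v["ips"]),
                  "same_site_referer": v["same_site"]}
            for day, v in days.items()}

if __name__ == "__main__":
    for day, stats in summarize(SAMPLE_LOG, "www.example.org").items():
        print(day, stats)
```

A day with many hits, many distinct addresses and zero same-site referers matches the pattern described in the first post; a non-zero same-site count is worth tracing to the page that issues the request before a deny rule goes in.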