I have been experiencing a number of attacks and hacks on my joomla sites. I have been trying to follow security guidelines here and implement them as best I can. One thing I have done is to watch my logs to see who is visiting. I found a number (7) of the following yesterday all from different host numbers. They all happened seconds apart:
Host: [RussW: Removed, irrelevant to discussion or resolution]
//administrator/components/com_securityimages/lang.php?mosConfig_absolute_path=[RussW: Removed, irrelevant to discussion or resolution] ?
Http Code: 403 Date: Feb 17 06:49:44 Http Version: HTTP/1.1 Size in Bytes: 581
Referer: -
Agent: libwww-perl/5.803
When I went to http://[RussW: Removed, irrelevant to discussion or resolution] ? I found the following script.
[RussW: References to Exploit, Country, Names or Detail have been removed, these are irrelevant to the discussion and offer nothing to assist with issue resolution.]
Can someone tell me what this is trying to do?
Help with security issues. Please see code
-
bvrettski
- Joomla! Enthusiast
- Posts: 197
- Joined: Mon Jan 15, 2007 3:15 pm
- Location: Utah
- Contact:
-
mandville
- Joomla! Master
- Posts: 15018
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Help with security issues. Please see code
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
bvrettski
- Joomla! Enthusiast
- Posts: 197
- Joined: Mon Jan 15, 2007 3:15 pm
- Location: Utah
- Contact:
Re: Help with security issues. Please see code
Thanks..that was my suspicion. How do I report and fight against this sort of thing?
-
mandville
- Joomla! Master
- Posts: 15018
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Help with security issues. Please see code
report it to the host or domain registrar, enable the htaccess and read the security faq
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
Geoff
- Joomla! Virtuoso
- Posts: 3193
- Joined: Sun Apr 16, 2006 12:20 am
- Location: 127.0.0.1
Re: Help with security issues. Please see code
Security FAQs: http://help.joomla.org/component/option ... temid,268/
Backup, backup, backup!
The "Master" .htacess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess
The "Master" .htacess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess
-
bvrettski
- Joomla! Enthusiast
- Posts: 197
- Joined: Mon Jan 15, 2007 3:15 pm
- Location: Utah
- Contact:
Re: Help with security issues. Please see code
I'm well aware of the security FAQ but thanks. Its a bit overwhelming trying to understand the ins and out of security so when I post its usually becasue I'm looking for something more specific, that i haven't been able to find.
In this case understanding the code I posted above and what sort of attack this might be, if it was an attack. So the security FAQ wasnt much help.
In this case understanding the code I posted above and what sort of attack this might be, if it was an attack. So the security FAQ wasnt much help.
-
RussW
- Joomla! Exemplar
- Posts: 9362
- Joined: Sun Oct 22, 2006 4:42 am
- Location: Sunshine Coast, Queensland, Australia
- Contact:
Re: Help with security issues. Please see code
@bvrettski
I believe that if you spend time working through the Security FAQ's, Stickies and the many many posts with similar if not the same information you will find that your questions are answered in great detail, also as a learning experience you will start to develop a better understanding of the requirements of running a secure site and learn more regarding what the attempted exploit was doing. Some PHP experience will assist you greatly also.
We do understand the FAQ's are large and contain a lot of information, of which is very new to many folks, but working through the FAQ's one by one and point by point, rather than trying to attack the complete document in one session will ease the learning process and provide for a better overall understanding of security techniques and measures.
I believe that if you spend time working through the Security FAQ's, Stickies and the many many posts with similar if not the same information you will find that your questions are answered in great detail, also as a learning experience you will start to develop a better understanding of the requirements of running a secure site and learn more regarding what the attempted exploit was doing. Some PHP experience will assist you greatly also.
We do understand the FAQ's are large and contain a lot of information, of which is very new to many folks, but working through the FAQ's one by one and point by point, rather than trying to attack the complete document in one session will ease the learning process and provide for a better overall understanding of security techniques and measures.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/
