Bots requesting /component/ajax/?format=json

Discussion regarding Joomla! 3.x security issues.


Post by bjrn » Thu Dec 06, 2018 3:16 pm

Recently I've noticed in a few of the sites we maintain that bots are requesting /component/ajax/?format=json in larger amounts (going from zero or single digits per day to a few thousand).

Is there anyone here who has also experienced this and/or has a clue as to what might be going on?

Edit: The site itself isn't loading this resource for normal visitors. And the requests are coming from all over, not a specific IP address.


Post by sozzled » Thu Dec 06, 2018 5:36 pm

I haven't seen this problem recently but I have encountered similar incidents like this before. The attack is symptomatic of Basically it's a trial-and-error attempt to identify what software is operating on your website and how best the attacker can exploit known vulnerabilities with that software. The problem in combating these attempts is that IP-based blocking will not work because the attacker(s) is/are using fast flux to hide their location.

You could add a redirect rule to your .htaccess file to detect and deny URLs containing the string "/component/ajax/?format=json" or use Joomla's Redirect Manager (see also viewtopic.php?f=714&t=958501).
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)


Post by barrycox » Tue Mar 12, 2019 8:00 pm

Yes, I'm seeing a lot of those... they seem to try for several hours every Tuesday am...

Thanks for the tip and the links. I am implementing (along with the wp* one). I'll find out if that URL is used for something else...
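
To check a site for the pattern reported in this thread (a jump in daily requests for /component/ajax/?format=json, spread over many client addresses), the access log can be summarised per day. This is an added example, not code from any poster in the thread. It assumes Apache/nginx combined log format, the sample lines are constructed, and it also counts the non-SEF form index.php?option=com_ajax&format=json, which goes beyond the URL quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*"')
WEEKDAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Mar/2019:09:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:03:01:11 +0000] "GET /component/ajax/?format=json HTTP/1.1" 404 312 "-" "-"
203.0.113.45 - - [12/Mar/2019:03:01:12 +0000] "POST /component/ajax/?format=json HTTP/1.1" 404 312 "-" "-"
198.51.100.7 - - [12/Mar/2019:03:02:40 +0000] "GET /component/ajax/?format=json HTTP/1.1" 404 312 "-" "-"
192.0.2.99 - - [12/Mar/2019:03:05:00 +0000] "GET /index.php?option=com_ajax&format=json HTTP/1.1" 200 40 "-" "-"
192.0.2.10 - - [12/Mar/2019:10:00:00 +0000] "GET /component/content/?format=feed HTTP/1.1" 200 900 "-" "-"
"""

def is_com_ajax_request(target):
    """True for /component/ajax/?format=json and its non-SEF equivalent."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if "json" not in [v.lower() for v in query.get("format", [])]:
        return False
    if parts.path.lower().rstrip("/").endswith("/component/ajax"):
        return True
    return "com_ajax" in [v.lower() for v in query.get("option", [])]

def summarize(lines):
    """Per day (ISO date): weekday, hit count and distinct client IPs."""
    days = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_com_ajax_request(m.group("target")):
            continue  # unparseable line or unrelated request
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        day = days[ts.date()]
        day["hits"] += 1
        day["ips"].add(m.group("ip"))
    return {d.isoformat(): {"weekday": WEEKDAYS[d.weekday()], "hits": v["hits"],
                            "distinct_ips": len(v["ips"])}
            for d, v in sorted(days.items())}

if __name__ == "__main__":
    for day, row in summarize(SAMPLE_LOG.splitlines()).items():
        print(day, row)
```

A high hit count with a distinct-IP count close to it matches the "coming from all over" observation, which is why per-IP blocking does little here. Before denying the URL, compare against days with normal traffic to see whether any installed module or plugin requests it legitimately.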
