
osCommerce

The e-commerce.

Has My Site Been Hacked


miller-lite


I just went into my cPanel to see the latest visitors to my site. While scrolling through things, everything appeared normal; I saw the usual crawler activity accessing images, stylesheets, etc. One showed things being accessed that I have never seen accessed before.

 

This is what I found:

 

Host: 84.36.153.219

 

• /catalog/logs/n.php

Http Code: 500 Date: Apr 09 13:40:21 Http Version: HTTP/1.1 Size in Bytes: 5

Referer: -

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/s.php

Http Code: 200 Date: Apr 09 13:44:00 Http Version: HTTP/1.1 Size in Bytes: 1626

Referer: -

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/sys_cpanel/images/bottombody.jpg

Http Code: 404 Date: Apr 09 13:44:03 Http Version: HTTP/1.1 Size in Bytes: -

Referer: http://www.jvgallery.com/catalog/logs/.p.php

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/s.php?youruser=gallery5&victimuser=securit3&folder=%2Fcatalog%2Flogs&file=%2Fcommuni

Http Code: 200 Date: Apr 09 13:48:37 Http Version: HTTP/1.1 Size in Bytes: 1673

Referer: http://www.jvgallery.com/catalog/logs/s.php

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/omega.txt

Http Code: 200 Date: Apr 09 13:48:40 Http Version: HTTP/1.1 Size in Bytes: 1393

Referer: http://www.jvgallery.com/catalog/logs/s.ph...r=securit3&

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/sql.php

Http Code: 500 Date: Apr 09 13:48:58 Http Version: HTTP/1.1 Size in Bytes: 1380

Referer: -

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

• /catalog/logs/.p.php

Http Code: 200 Date: Apr 09 14:06:07 Http Version: HTTP/1.1 Size in Bytes: 52926

Referer: -

Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

 

I went and did a WHOIS query on the IP address and got the following info:

 

OrgName: RIPE Network Coordination Centre

OrgID: RIPE

Address: P.O. Box 10096

City: Amsterdam

StateProv:

PostalCode: 1001EB

Country: NL

 

and here is their web site: http://www.ripe.net/info/ncc/

 

My question is how are they able to get to the files they were trying to access?

 

Do I have a major problem with my security?

 

Verne
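
A way to triage entries like the ones listed in the post, added here as an example that is not part of the original post: it flags requests for scripts inside a directory that should only hold data, dot-prefixed file names, and path-like query parameters. The tuple layout, the `DATA_DIRS` and `SCRIPT_EXTS` lists and the function names are assumptions made for this example; the request paths and status codes are re-typed from the post.

```python
import posixpath
from urllib.parse import urlsplit, parse_qsl

# (request, HTTP status) pairs re-typed from the post above; the tuple layout is constructed.
ENTRIES = [
    ("/catalog/logs/n.php", 500),
    ("/catalog/logs/s.php", 200),
    ("/catalog/logs/sys_cpanel/images/bottombody.jpg", 404),
    ("/catalog/logs/s.php?youruser=gallery5&victimuser=securit3&folder=%2Fcatalog%2Flogs&file=%2Fcommuni", 200),
    ("/catalog/logs/omega.txt", 200),
    ("/catalog/logs/sql.php", 500),
    ("/catalog/logs/.p.php", 200),
]

# Assumption: this directory holds data only and should never serve scripts.
DATA_DIRS = ("/catalog/logs/",)
SCRIPT_EXTS = (".php", ".phtml", ".cgi", ".pl")


def triage(request, status):
    """Return the reasons a single request deserves a closer look."""
    parts = urlsplit(request)
    name = posixpath.basename(parts.path)
    is_script = name.lower().endswith(SCRIPT_EXTS)
    reasons = []
    if is_script and parts.path.startswith(DATA_DIRS):
        reasons.append("script requested inside a data directory")
    if name.startswith("."):
        reasons.append("hidden (dot-prefixed) file")
    # Decoded parameter values that look like filesystem paths.
    pathlike = [k for k, v in parse_qsl(parts.query) if v.startswith("/")]
    if is_script and pathlike:
        reasons.append("path-like query parameters: " + ", ".join(pathlike))
    # Anything other than 404 suggests a file is present at that path.
    if reasons and status != 404:
        reasons.append(f"file appears to exist (HTTP {status})")
    return reasons


def flagged(entries):
    """Map each suspicious request to its list of reasons."""
    return {req: why for req, st in entries if (why := triage(req, st))}


if __name__ == "__main__":
    for request, reasons in flagged(ENTRIES).items():
        print(request)
        for reason in reasons:
            print("   -", reason)
```

Entries the rules leave unflagged, such as the `.txt` and `.jpg` requests, came from the same client in the same session and are worth reviewing alongside the flagged ones.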

Archived

This topic is now archived and is closed to further replies.
