Is this an attempted hack?



While checking my server logs as I do each morning I came across this below.

I was wondering if this is a coordinated attack as the same file was tried from different IPs even though the times are different.

 

[Thu Jan 08 00:13:20 2009] [error] [client 217.113.52.248] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:19:18 2009] [error] [client 216.129.125.28] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:28:27 2009] [error] [client 74.222.1.158] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:34:53 2009] [error] [client 89.203.161.188] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:38:32 2009] [error] [client 89.203.161.188] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:42:59 2009] [error] [client 89.203.161.188] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 00:46:38 2009] [error] [client 89.203.161.188] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 01:08:37 2009] [error] [client 212.95.48.30] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 02:07:46 2009] [error] [client 66.79.168.134] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 02:19:39 2009] [error] [client 78.109.28.160] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 03:32:59 2009] [error] [client 89.149.242.52] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 03:38:14 2009] [error] [client 87.233.176.109] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 03:40:13 2009] [error] [client 94.102.51.155] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 04:08:25 2009] [error] [client 89.111.189.123] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 04:16:49 2009] [error] [client 38.103.144.26] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 04:53:08 2009] [error] [client 85.112.3.83] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 05:13:15 2009] [error] [client 217.157.240.82] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 05:35:42 2009] [error] [client 87.98.222.87] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 05:40:40 2009] [error] [client 87.98.222.87] File does not exist: C:/htdocs/mystorename/nonexistenshit

[Thu Jan 08 05:50:29 2009] [error] [client 67.85.15.11] File does not exist: C:/htdocs/mystorename/nonexistenshit

 

Doing a whois on a few of them shows they are from all over: Russian Federation, United States, Spain, Denmark, France.

 

Thanks


I have been getting this message along with others:

64.85.167.248 - - [08/Jan/2009:15:13:52 +0530] "GET /nonexistenshit HTTP/1.1" 404 287 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

64.85.167.248 - - [08/Jan/2009:15:13:52 +0530] "GET /mail/bin/msgimport HTTP/1.1" 404 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

64.85.167.248 - - [08/Jan/2009:15:13:53 +0530] "GET /bin/msgimport HTTP/1.1" 404 286 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

64.85.167.248 - - [08/Jan/2009:15:13:54 +0530] "GET /rc/bin/msgimport HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

64.85.167.248 - - [08/Jan/2009:15:13:55 +0530] "GET /roundcube/bin/msgimport HTTP/1.1" 404 296 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

64.85.167.248 - - [08/Jan/2009:15:13:56 +0530] "GET /webmail/bin/msgimport HTTP/1.1" 404 294 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

78.41.239.131 - - [08/Jan/2009:15:23:25 +0530] "GET /nonexistenshit HTTP/1.1" 404 287 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

78.41.239.131 - - [08/Jan/2009:15:23:26 +0530] "GET /mail/bin/msgimport HTTP/1.1" 404 291 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

They say it is a vulnerability in Roundcube....

http://www.webhostingtalk.com/showthread.php?p=5492684
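Added example, not part of the original posts: one way to check an access log for the pattern both posters describe, namely a single client requesting several missing paths in quick succession, and the same missing path being requested by several clients. It assumes Apache combined log format; the sample lines are constructed, and `find_probes`, its 60-second window and its 3-path threshold are illustrative choices, not anything from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (Apache combined format, documentation-range IPs), modelled
# on the probe sequence quoted in the post; not the thread's real log.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2009:15:13:52 +0530] "GET /nonexistenshit HTTP/1.1" 404 287 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jan/2009:15:13:52 +0530] "GET /mail/bin/msgimport HTTP/1.1" 404 291 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jan/2009:15:13:53 +0530] "GET /bin/msgimport HTTP/1.1" 404 286 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2009:15:23:25 +0530] "GET /nonexistenshit HTTP/1.1" 404 287 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2009:15:23:26 +0530] "GET /mail/bin/msgimport HTTP/1.1" 404 291 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Jan/2009:15:30:00 +0530] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Jan/2009:15:31:10 +0530] "GET /images/old.gif HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Yield (ip, timestamp, path, status) per parseable line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["path"], int(m["status"])

def find_probes(log_text, min_paths=3, window=timedelta(seconds=60)):
    """Return (scanners, shared): IPs with >= min_paths distinct 404 paths in one
    window, and 404 paths requested by more than one IP."""
    misses, by_path = defaultdict(list), defaultdict(set)
    for ip, ts, path, status in parse(log_text):
        if status == 404:
            misses[ip].append((ts, path))
            by_path[path].add(ip)
    scanners = set()
    for ip, hits in misses.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            if len({p for t, p in hits[i:] if t - start <= window}) >= min_paths:
                scanners.add(ip)
                break
    shared = {p: sorted(ips) for p, ips in by_path.items() if len(ips) > 1}
    return scanners, shared

if __name__ == "__main__":
    scanners, shared = find_probes(SAMPLE_LOG)
    print("burst scanners:", sorted(scanners))
    for path, ips in sorted(shared.items()):
        print(f"{path}: {len(ips)} clients ({', '.join(ips)})")
```

A single stale link, like the last sample client's, stays below the threshold, so ordinary broken-link 404s are not flagged.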


Thanks for the reply.

.Joel had given me the remedy yesterday via PM. I just got time to post back.

The answer is on page 4 of that link above.


  • 1 month later...

 

This is a bit older now, but here's how I handled it at the time, using instructions from here: http://www.microdevsys.com/WordPress/2009/...alicious-scans/

 

I stumbled on this earlier, and it worked out great for me for all sorts of issues like these. Besides the already mentioned suggestions, ModSecurity can take care of the issue for you as it happens, so you could give it a shot. This will give you some long-term protection as well for any such future problems while you work on patching your app.

 

Regards,


Archived

This topic is now archived and is closed to further replies.
