
Is This a Hack Attempt?


Mort-lemur


Posted

I had an IP address blocked by IP Trap, so I had a look in my raw access logs to find out what they had been doing and saw this:

 

78.46.75.53 - - [28/May/2010:18:36:59 +0100] "GET /admin HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7"

78.46.75.53 - - [28/May/2010:18:37:01 +0100] "GET /admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7"

78.46.75.53 - - [28/May/2010:18:37:03 +0100] "GET /blocked.php HTTP/1.1" 200 929 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7"

78.46.75.53 - - [28/May/2010:18:37:05 +0100] "GET /images/stop.png HTTP/1.1" 200 56947 "http://www.mydomain.co.uk/blocked.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7"

78.46.75.53 - - [28/May/2010:18:38:15 +0100] "GET /admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7pre) Gecko/20070815 Firefox/2.0.0.6 Navigator/9.0b3"

78.46.75.53 - - [28/May/2010:18:38:19 +0100] "GET /blocked.php HTTP/1.1" 200 943 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7pre) Gecko/20070815 Firefox/2.0.0.6 Navigator/9.0b3"

78.46.75.53 - - [28/May/2010:18:38:22 +0100] "GET /images/stop.png HTTP/1.1" 304 - "http://www.mydomain.co.uk/blocked.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7pre) Gecko/20070815 Firefox/2.0.0.6 Navigator/9.0b3"

78.46.75.53 - - [28/May/2010:18:38:23 +0100] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7pre) Gecko/20070815 Firefox/2.0.0.6 Navigator/9.0b3"

 

 

Is this some form of hack attempt? If so, what were they trying to do?

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

Heather,

 

They were definitely snooping around, but I don't think they were actually attempting to hack the site at that point.

 

 

 

Chris

Posted

Thanks Chris,

 

Making a backup and checking site monitor just in case.

 

Thanks


Posted

78.46.75.53 - - [28/May/2010:18:38:15 +0100] "GET /admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7pre) Gecko/20070815 Firefox/2.0.0.6 Navigator/9.0b3"

This is definitely someone who knows you are running osCommerce and is looking to see if your admin directory is unprotected. If it were not, it would certainly result in a hack attempt. The IP address resolves to The Netherlands, where the majority of my hacking attempts come from. Since no amount of complaints to the ISP will help, an IP ban of 78.0.0.0/8 is justified to me.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?
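Added example, not part of the original thread or of osCommerce: a small Python check that scans Apache combined-format access logs for the pattern discussed above, where one address requests the admin directory and changes its User-Agent between requests. The function name, the watched path prefix and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format:
# ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption: /admin is the default admin path the thread talks about.
SENSITIVE_PREFIXES = ("/admin",)

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/May/2010:18:36:59 +0100] "GET /admin HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.0.7"
203.0.113.7 - - [28/May/2010:18:37:01 +0100] "GET /admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.0.7"
203.0.113.7 - - [28/May/2010:18:37:03 +0100] "GET /blocked.php HTTP/1.1" 200 929 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.0.7"
203.0.113.7 - - [28/May/2010:18:38:15 +0100] "GET /admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows NT 6.0) Firefox/2.0.0.6 Navigator/9.0b3"
198.51.100.20 - - [28/May/2010:18:40:02 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6"
198.51.100.20 - - [28/May/2010:18:40:09 +0100] "GET /product_info.php?products_id=3 HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6"
"""


def find_admin_probes(log_text, prefixes=SENSITIVE_PREFIXES):
    """Return {ip: {"hits", "agents", "agent_switch"}} for every client
    address that requested a path under one of the watched prefixes."""
    per_ip = defaultdict(lambda: {"hits": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        rec = per_ip[m["ip"]]
        rec["agents"].add(m["agent"])  # every agent string seen from this IP
        if m["path"].startswith(prefixes):
            rec["hits"] += 1
    # More than one agent from a single address can also be a shared NAT,
    # so agent_switch is a triage hint, not proof on its own.
    return {
        ip: {**rec, "agent_switch": len(rec["agents"]) > 1}
        for ip, rec in per_ip.items() if rec["hits"]
    }


if __name__ == "__main__":
    for ip, rec in find_admin_probes(SAMPLE_LOG).items():
        print(ip, rec["hits"], "admin requests; agent switch:", rec["agent_switch"])
```

Feeding it a real access log instead of `SAMPLE_LOG` gives a short list of addresses to review before deciding on a block rule.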

Posted

Thanks Mark,

 

Now banned 78. etc through .htaccess


Archived

This topic is now archived and is closed to further replies.
