Peper Posted August 30, 2010 Posted August 30, 2010 Going through error log and found: [error] [client 78.129.9.54] File does not exist: /home/----/public_html/shop/diaa.php, referer: http://www.rajabracing.com.au/galz_edited.php I followed the link and it sure is suspicious after I g00gled diaa.php Getting the Phoenix off the ground
web-project Posted August 31, 2010 Posted August 31, 2010 Going through error log and found: [error] [client 78.129.9.54] File does not exist: /home/----/public_html/shop/diaa.php, referer: http://www.rajabraci...galz_edited.php I followed the link and it sure is suspicious after I g00gled diaa.php this log shows that they trying to access file which doesn't exist on your server. I personally recommend scan your store file for presents of encoded code and file which you have never uploaded and using ativirus software scan the php files. Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues. Any issues with oscommerce, I am here to help you.
slee1005 Posted September 13, 2010 Posted September 13, 2010 this log shows that they trying to access file which doesn't exist on your server. I personally recommend scan your store file for presents of encoded code and file which you have never uploaded and using ativirus software scan the php files. it seems to do something with filemanager. hacker was manage to upload pishing file and extract on root of oscommerce xxxxxxx - - [12/Sep/2010:16:36:02 -0600] "POST /admin/file_manager.php/login.php?action=save HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" xxxxxxx - - [12/Sep/2010:16:38:23 -0600] "GET /halt.php HTTP/1.1" 200 440 "http://dataglobal.cl/galz_edited.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor" xxxxxxx - - [12/Sep/2010:16:38:25 -0600] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor" xxxxxxx - - [12/Sep/2010:16:38:51 -0600] "GET /halt.php HTTP/1.1" 200 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor"
Peper Posted September 22, 2010 Author Posted September 22, 2010 I'm running 2 osCommerce sites and this query came up with both Can someone suggest a .htaccess changes to block such files I have installed a bad conduct addon which adds their ip to the list, can we do this for specific files requests as well?? Please post and keep our sites safe Getting the Phoenix off the ground
♥mdtaylorlrim Posted September 22, 2010 Posted September 22, 2010 I'm running 2 osCommerce sites and this query came up with both Can someone suggest a .htaccess changes to block such files I have installed a bad conduct addon which adds their ip to the list, can we do this for specific files requests as well?? Please post and keep our sites safe Read the security forum (this one?) the pinned topic "How to secure my site." All of the very necessary recommendations to securing your site, including what to do to prevent this, is contained in that topic. The link is in my signature... Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.