exupawi Posted May 19, 2011 Share Posted May 19, 2011 When viewing who's online recently I have found some paths that don't make sense. I pasted some below. I have been banning their ip addresses and hosts and I see that many of the ips are DNSOBL blacklisted. What are they trying to do here? How are they finding my site and why now? 204.15.248.0 - 204.15.255.255 /osCommerce/catalog/index.php?cPath=21/admin/sqlpatch.php/password 208.116.36.60 osCommerce/catalog/product_info.php?cPath=94&a 75.125.37.122 07:36:38 07:36:38 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi 66.249.67.75 09:05:06 09:05:06 /osCommerce/redirect.php?action=url&goto=27.00&osCsid=5a7e2bdc44 217.144.201.54 09:08:40 09:08:40 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi 217.144.201.54 09:08:46 09:08:46 /osCommerce/catalog/index.php?cPath=70/admin/categories.php/logi 217.144.201.54 09:08:48 09:08:48 /osCommerce/catalog/index.php?cPath=70/admin/file_manager.php/lo 0:03:38 0 Guest 91.196.124.13 09:34:45 09:34:45 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi 00:03:43 0 Guest 91.196.124.13 09:34:40 09:34:40 /osCommerce/catalog/index.php?cPath=21/admin/file_manager.php/lo 00:03:45 0 Guest 91.196.124.13 09:34:38 09:34:38 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi 00:03:51 0 Guest 91.196.124.13 09:34:32 09:34:32 /osCommerce/catalog/index.php?cPath=21/admin/file_manager.php/lo 00:01:44 0 Guest 91.196.124.13 09:36:39 09:36:39 /osCommerce/catalog/index.php?cPath=70/admin/categories.php/logi 00:01:34 0 Guest 91.196.124.13 09:36:49 09:36:49 /osCommerce/catalog/index.php?cPath=22/admin/file_manager.php/lo 00:01:35 0 Guest 91.196.124.13 09:36:48 09:36:48 /osCommerce/catalog/index.php?cPath=22/admin/categories.php/logi 00:01:44 0 Guest 91.196.124.13 09:36:39 09:36:39 /osCommerce/catalog/index.php?cPath=70/admin/file_manager.php/lo 00:00:51 0 Guest 91.196.124.13 09:37:32 09:37:32 /osCommerce/catalog/index.php?cPath=41/admin/file_manager.php/lo 00:00:50 0 Guest 91.196.124.13 09:37:33 09:37:33 /osCommerce/catalog/index.php?cPath=41/admin/categories.php/logi 00:03:06 0 Guest 91.196.124.13 09:38:44 09:38:44 /osCommerce/catalog/index.php?cPath=60/admin/categories.php/logi 00:03:04 0 Guest 91.196.124.13 09:38:46 09:38:46 /osCommerce/catalog/index.php?cPath=41/admin/file_manager.php/lo 00:03:03 0 Guest 91.196.124.13 09:38:47 09:38:47 /osCommerce/catalog/index.php?cPath=93/admin/categories.php/logi Link to comment Share on other sites More sharing options...
Guest Posted May 19, 2011 Share Posted May 19, 2011 Paul, It is a script, looking for vulnerabilities in your website so the hacker can come back and hack the website. Chris Link to comment Share on other sites More sharing options...
astecme Posted August 20, 2011 Share Posted August 20, 2011 You need to change your admin directory and then change the defines to point to the new one. Once they fire up file manager they can and do upload files to mail out spam. once you are clean install sitemonitor. Link to comment Share on other sites More sharing options...
satish Posted August 21, 2011 Share Posted August 21, 2011 Its a script that checks vulnerability. Some scanning services check for vulnerability or some hackers trying to get if they can break thru. Do the following: 1.Rename Admin. 2. .htaccess protect admin. 3. Delete file manager code. 4. Images folder and all other 777 folders to be htaccess protected. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
npn2531 Posted August 22, 2011 Share Posted August 22, 2011 If you htaccess protected the images folder wouldn't that limit the viewing of the images in that folder to those who are signed in? Oscommerce site: OSC to CSS, http://addons.oscommerce.com/info/7263 -Mail Manager, http://addons.oscommerce.com/info/8120 Link to comment Share on other sites More sharing options...
BryceJr Posted August 22, 2011 Share Posted August 22, 2011 If you htaccess protected the images folder wouldn't that limit the viewing of the images in that folder to those who are signed in? I think he's referring to >>this Link to comment Share on other sites More sharing options...
npn2531 Posted August 22, 2011 Share Posted August 22, 2011 I think he's referring to >>this Thanks, there is a lot in that thread to chew on. Oscommerce site: OSC to CSS, http://addons.oscommerce.com/info/7263 -Mail Manager, http://addons.oscommerce.com/info/8120 Link to comment Share on other sites More sharing options...
satish Posted August 23, 2011 Share Posted August 23, 2011 <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe){:content:}quot;> Order Deny,Allow Deny from all </FilesMatch> should go into htaccess and these htaccess should be placed in images folder. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
npn2531 Posted August 23, 2011 Share Posted August 23, 2011 <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe){:content:}quot;> Order Deny,Allow Deny from all </FilesMatch> should go into htaccess and these htaccess should be placed in images folder. Satish Thanks! However, to clarify, do you mean a separate, unique htaccess file in addition to one in the root level should go into the images folder? What exactly is this command doing, and what is the logic behind putting it in the images folder? Oscommerce site: OSC to CSS, http://addons.oscommerce.com/info/7263 -Mail Manager, http://addons.oscommerce.com/info/8120 Link to comment Share on other sites More sharing options...
satish Posted August 23, 2011 Share Posted August 23, 2011 This needs to go as a seperate htaccess file in images folder. This will not allow any files with .php or .exe or .cgi t be executed. Making your image folder more safe for your site. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
npn2531 Posted August 23, 2011 Share Posted August 23, 2011 This needs to go as a seperate htaccess file in images folder. This will not allow any files with .php or .exe or .cgi t be executed. Making your image folder more safe for your site. Satish That makes total sense. Thanks for explaining it. Oscommerce site: OSC to CSS, http://addons.oscommerce.com/info/7263 -Mail Manager, http://addons.oscommerce.com/info/8120 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.