Druid6900 Posted June 24, 2011 Share Posted June 24, 2011 I observed this in my Admin panel this morning and it was there a couple of days ago and I'm not quite sure what to make of it. 00:14:20 0 Guest 88.190.11.113 12:05:39 12:05:39 /catalog/index.php?cPath=2%22%20onmousedown=%22ct(this,%20'http%3A%2F%2Fwww.legacycomputersnparts.com%2Fcatalog%2Findex.php%3FcPath%3D2','28','9','%22by+osCommerce%22++rom','',%20'009090e04ab470f592b60df6a2e25288f0f5b54e686491a21327',%200)/admin/file_mana Both times, there were several instances of it at once, like when a Bot is crawling your site, but the coding was much longer than say, GoogleBot or Slurp or Yandex. Of the 4 that are active right now, two are going for /admin/file_manager (which has long ago been removed) and two are going for /admin/categories Is this cause for concern? No Good Deed EVER Goes Unpunished Link to comment Share on other sites More sharing options...
germ Posted June 24, 2011 Share Posted June 24, 2011 Everything except authorized personnel (probably just you) going for your admin is a hack attempt. As long as they don't "hit the target" it's not much to worry about, except maybe using bandwidth. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Druid6900 Posted June 24, 2011 Author Share Posted June 24, 2011 Well, I've been pretty diligent about installing security features (and the site seems to be still operating correctly :rolleyes: ), so, that's comforting. No Good Deed EVER Goes Unpunished Link to comment Share on other sites More sharing options...
Peper Posted June 29, 2011 Share Posted June 29, 2011 I found a crawler searching for other stuff and folders that's not even listed on my server Strange is it's also indexing the pages .htaccess deny from 79.125.59.235 :thumbsup: Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
Serika Posted July 12, 2011 Share Posted July 12, 2011 I have been experiencing the same kind problem, for example right now my who is online shows this: /conditions.php/admin/file_manager.php/login.php This has been going on quite long time, for months. have been blocking theese ip adresses manually everytime i spot them, because i have thought that there cant be anything good in trying to get to my admin. Ofcourse i have done everything possible to protect my admin, but still i dont like someone attempting to go for it. But the problem is that i have life to live and a store to run, i cant sit looking for ips to block from my site 24/7, is there anyway to get them automaticly banned when the word admin pops up (obviously the first thing i have done was renaming the admin folder, so there is no one who should be searching for it on my site)? And sorry for my bad english. Link to comment Share on other sites More sharing options...
Taipo Posted July 13, 2011 Share Posted July 13, 2011 There are a couple of addons that would catch that attempt and automatically add the IP address to an htaccess file. One such addon is one I wrote called osC_Sec http://www.oscommerce.com/forums/topic/373777-oscommerce-security-osc-secphp/ It seems to be doing an alright job of nabbing such attempts and banning them. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.