
What are these visitors up to - who's online


10 replies to this topic

#1 exupawi

  • Community Member
  • 30 posts
  • Real Name:Paul Wilson

Posted 19 May 2011, 16:01

When viewing who's online recently I have found some paths that don't make sense. I pasted some below. I have been banning their IP addresses and hosts and I see that many of the IPs are DNSOBL blacklisted. What are they trying to do here? How are they finding my site and why now?

204.15.248.0 - 204.15.255.255 /osCommerce/catalog/index.php?cPath=21/admin/sqlpatch.php/password
208.116.36.60 osCommerce/catalog/product_info.php?cPath=94&a
75.125.37.122 07:36:38 07:36:38 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi
66.249.67.75 09:05:06 09:05:06 /osCommerce/redirect.php?action=url&goto=27.00&osCsid=5a7e2bdc44
217.144.201.54 09:08:40 09:08:40 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi
217.144.201.54 09:08:46 09:08:46 /osCommerce/catalog/index.php?cPath=70/admin/categories.php/logi
217.144.201.54 09:08:48 09:08:48 /osCommerce/catalog/index.php?cPath=70/admin/file_manager.php/lo
0:03:38 0 Guest 91.196.124.13 09:34:45 09:34:45 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi
00:03:43 0 Guest 91.196.124.13 09:34:40 09:34:40 /osCommerce/catalog/index.php?cPath=21/admin/file_manager.php/lo
00:03:45 0 Guest 91.196.124.13 09:34:38 09:34:38 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi
00:03:51 0 Guest 91.196.124.13 09:34:32 09:34:32 /osCommerce/catalog/index.php?cPath=21/admin/file_manager.php/lo
00:01:44 0 Guest 91.196.124.13 09:36:39 09:36:39 /osCommerce/catalog/index.php?cPath=70/admin/categories.php/logi
00:01:34 0 Guest 91.196.124.13 09:36:49 09:36:49 /osCommerce/catalog/index.php?cPath=22/admin/file_manager.php/lo
00:01:35 0 Guest 91.196.124.13 09:36:48 09:36:48 /osCommerce/catalog/index.php?cPath=22/admin/categories.php/logi
00:01:44 0 Guest 91.196.124.13 09:36:39 09:36:39 /osCommerce/catalog/index.php?cPath=70/admin/file_manager.php/lo
00:00:51 0 Guest 91.196.124.13 09:37:32 09:37:32 /osCommerce/catalog/index.php?cPath=41/admin/file_manager.php/lo
00:00:50 0 Guest 91.196.124.13 09:37:33 09:37:33 /osCommerce/catalog/index.php?cPath=41/admin/categories.php/logi
00:03:06 0 Guest 91.196.124.13 09:38:44 09:38:44 /osCommerce/catalog/index.php?cPath=60/admin/categories.php/logi
00:03:04 0 Guest 91.196.124.13 09:38:46 09:38:46 /osCommerce/catalog/index.php?cPath=41/admin/file_manager.php/lo
00:03:03 0 Guest 91.196.124.13 09:38:47 09:38:47 /osCommerce/catalog/index.php?cPath=93/admin/categories.php/logi
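
Added example, not part of the original post: a small Python check that flags Who's Online rows like the ones above, where an admin script name followed by "/" is embedded in a catalog URL or the cPath value is not the usual digits-and-underscores form. The sample rows are constructed with documentation-range IPs, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the rows quoted in the post
# (documentation-range IPs, not the poster's data).
SAMPLE = """\
00:03:38 0 Guest 203.0.113.7 09:34:45 09:34:45 /osCommerce/catalog/index.php?cPath=21/admin/categories.php/logi
00:03:43 0 Guest 203.0.113.7 09:34:40 09:34:40 /osCommerce/catalog/index.php?cPath=21/admin/file_manager.php/lo
00:01:44 0 Guest 203.0.113.7 09:36:39 09:36:39 /osCommerce/catalog/index.php?cPath=70/admin/categories.php/logi
198.51.100.20 09:05:06 09:05:06 /osCommerce/catalog/product_info.php?cPath=94&products_id=12
198.51.100.21 09:08:40 09:08:40 /osCommerce/catalog/index.php?cPath=21_34
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# An admin script name followed by "/" (extra path info) anywhere in the URL.
PROBE_RE = re.compile(r"/admin/([A-Za-z0-9_]+\.php)/")
# A normal cPath is category ids joined by underscores, e.g. 21 or 21_34.
CPATH_RE = re.compile(r"[?&]cPath=([^&]*)")

def classify(url):
    """Return (is_probe, admin_script_or_None) for one requested URL."""
    m = PROBE_RE.search(url)
    if m:
        return True, m.group(1)
    c = CPATH_RE.search(url)
    if c and not re.fullmatch(r"\d+(_\d+)*", c.group(1)):
        return True, None  # malformed cPath, no admin script named
    return False, None

def summarize(text):
    """Map client IP -> probe count and the admin scripts it asked for."""
    acc = defaultdict(lambda: {"hits": 0, "scripts": set()})
    for line in text.splitlines():
        ip = IP_RE.search(line)
        if not ip:
            continue
        probe, script = classify(line.split()[-1])  # URL is the last field
        if probe:
            acc[ip.group(1)]["hits"] += 1
            if script:
                acc[ip.group(1)]["scripts"].add(script)
    return {k: {"hits": v["hits"], "scripts": sorted(v["scripts"])}
            for k, v in acc.items()}

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```
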

#2 DunWeb

  • Community Sponsor
  • 10,464 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 19 May 2011, 16:25

Paul,

It is a script, looking for vulnerabilities in your website so the hacker can come back and hack the website.



Chris

#3 astecme

  • Community Member
  • 21 posts
  • Real Name:Allan Shillitto
  • Gender:Male
  • Location:Bristol UK

Posted 20 August 2011, 16:54

You need to change your admin directory and then change the defines to point to the new one. Once they fire up file manager they can and do upload files to mail out spam. Once you are clean, install sitemonitor.

#4 satish

  • Community Member
  • 5,325 posts
  • Real Name:Satish Mantri
  • Gender:Male
  • Location:Nagpur(India)

Posted 21 August 2011, 18:37

It's a script that checks vulnerability.

Some scanning services check for vulnerability, or some hackers are trying to see if they can break through.

Do the following:
1. Rename Admin.
2. .htaccess protect admin.
3. Delete file manager code.
4. Images folder and all other 777 folders to be htaccess protected.

Satish
Ask for osCommerce value addon suggestion tips for your site.
Check My About US For who am I and what My company does.


#5 npn2531

  • Community Member
  • 951 posts
  • Real Name:Jase
  • Gender:Not Telling

Posted 22 August 2011, 08:11

If you htaccess protected the images folder wouldn't that limit the viewing of the images in that folder to those who are signed in?

#6 BryceJr

  • Community Member
  • 1,448 posts
  • Real Name:Bryce

Posted 22 August 2011, 19:05

npn2531, on 22 August 2011, 08:11, said:

If you htaccess protected the images folder wouldn't that limit the viewing of the images in that folder to those who are signed in?
I think he's referring to >>this

#7 npn2531

  • Community Member
  • 951 posts
  • Real Name:Jase
  • Gender:Not Telling

Posted 22 August 2011, 20:35

BryceJr, on 22 August 2011, 19:05, said:

I think he's referring to >>this
Thanks, there is a lot in that thread to chew on.

#8 satish

  • Community Member
  • 5,325 posts
  • Real Name:Satish Mantri
  • Gender:Male
  • Location:Nagpur(India)

Posted 23 August 2011, 04:13

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>

should go into htaccess and these htaccess should be placed in images folder.

Satish



#9 npn2531

  • Community Member
  • 951 posts
  • Real Name:Jase
  • Gender:Not Telling

Posted 23 August 2011, 04:23

satish, on 23 August 2011, 04:13, said:

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>

should go into htaccess and these htaccess should be placed in images folder.

Satish
Thanks! However, to clarify, do you mean a separate, unique htaccess file in addition to one in the root level should go into the images folder? What exactly is this command doing, and what is the logic behind putting it in the images folder?

#10 satish

  • Community Member
  • 5,325 posts
  • Real Name:Satish Mantri
  • Gender:Male
  • Location:Nagpur(India)

Posted 23 August 2011, 04:47

This needs to go as a separate htaccess file in images folder.

This will not allow any files with .php or .exe or .cgi to be executed.

Making your image folder more safe for your site.

Satish


#11 npn2531

  • Community Member
  • 951 posts
  • Real Name:Jase
  • Gender:Not Telling

Posted 23 August 2011, 05:11

satish, on 23 August 2011, 04:47, said:

This needs to go as a separate htaccess file in images folder.

This will not allow any files with .php or .exe or .cgi to be executed.

Making your image folder more safe for your site.

Satish
That makes total sense. Thanks for explaining it.
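
Added example, not from any poster in this thread: a Python audit that applies the pattern from the FilesMatch rule above to a listing of the images folder, showing which names the rule denies, which are ordinary images, and which need a manual look. The listing is constructed, and the set of expected image extensions and the function names are assumptions.

```python
import os
import re

# The pattern from the FilesMatch rule in the thread. Apache tests it against
# the file name only, and the match is case-sensitive as written.
RULE = re.compile(r"\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$")

# Assumed set of file types a catalog images folder is expected to hold.
IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png"}

def denied(filename):
    """True if the rule matches, so Apache answers the request with a denial."""
    return RULE.search(os.path.basename(filename)) is not None

def audit(filenames):
    """Sort a folder listing into denied / image / review buckets."""
    report = {"denied": [], "image": [], "review": []}
    for name in filenames:
        ext = os.path.splitext(name)[1].lower()
        if denied(name):
            report["denied"].append(name)   # should not be in images at all
        elif ext in IMAGE_EXT:
            report["image"].append(name)
        else:
            report["review"].append(name)   # not covered by the rule, not an image
    return report

# Constructed listing for illustration.
LISTING = [
    "logo.gif", "product_12.JPG", "uploader.php", "old.php5", "view.phps",
    "menu.shtml", "page.phtml", "run.cgi", "tool.pl", "setup.exe",
    "INFO.PHP", "readme.txt",
]

if __name__ == "__main__":
    for bucket, names in audit(LISTING).items():
        print(f"{bucket:7s} {names}")
```

Anything in the denied bucket has no business in an images folder and is worth investigating, and anything in the review bucket is a name the pattern does not match as written, such as an upper-case extension.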