DogFoodIT Posted June 18, 2013 Share Posted June 18, 2013 Hi All, I have been noticing some strange activity on our site as of late and it makes me a little concerned, When perving on the Who's Online page i sometimes see the follow code in the links (URL) reading from bottom up! Please note: this is a copy of the Who's Online.php Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:50 16:30:50 /ext/jquery/ui/);if(c.label===null)c.label=this.buttonElement.html();if(this.element.is( Yes Not Found Active with no Cart 00:00:00 Guest centra168.lnk.telstra.net 16:30:48 16:30:48 /advanced_search_result.php?keywords=14.97&search_in_description=0&x=0&y=0 Yes Yes Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:47 16:30:47 /ext/jquery/ui/).html(this.buttonElement.find( Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:41 16:30:41 /ext/jquery/ui/).addClass(this._triggerClass).html(f== Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:38 16:30:38 /ext/jquery/fancybox/;m.html(C);F();break;case Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:35 16:30:35 /ext/jquery/fancybox/;m.html( Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:33 16:30:33 /ext/jquery/fancybox/:m.html(e.content);F();break;case Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:30 16:30:30 /ext/jquery/fancybox/+d.titlePosition).html(s).appendTo( Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:27 16:30:27 /ext/jquery/fancybox/)x=w}m.html(x);F()}}}));break;case Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:25 16:30:25 /ext/jquery/fancybox/%27+d.href+%27 Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:22 16:30:22 /ext/jquery/bxGallery/%27+o.load_image+%27 Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:19 16:30:19 /ext/jquery/bxGallery/%27+$this.attr(%27src%27)+%27 Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:11 16:30:11 /ext/jquery/]};F.optgroup=F.option;F.tbody=F.tfoot=F.colgroup=F.caption=F.thead;F.th=F.td;if(!c.support.htmlSerialize)F._default=[1, Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:08 16:30:08 /ext/jquery/)j.html(e?c( Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:03 16:30:03 /https://twitter.com Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:29:56 16:29:56 //smarticon.geotrust.com/si.js Yes Not Found Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:29:49 16:29:49 / As you can see it looks like the server is trying to access certain files or call functions etc through the URL, first of all can hacking be done like this??? I have also noticed this in the error_logs (as the files do not exist). or is this a error with my site not running some JQuery correctly? any advise would be fantastic. thanks Link to comment Share on other sites More sharing options...
ozEworks Posted July 25, 2013 Share Posted July 25, 2013 It could be a hacker bot trying to exploit vulnerabilities in third party libraries. If you have the IP address you could try banning it. Link to comment Share on other sites More sharing options...
DogFoodIT Posted July 25, 2013 Author Share Posted July 25, 2013 Hi Kim, thanks for the reply :D . I try to block as many IP's as possible, even only allowing the Country IP's through .htaccess. This does not always work as hacker usually hijack other IP's when playing the evil games they play. I would really have to look in to the jQuery plugins to see if they do have vulnerabilities that need fixing. Do you know if updating the libraries would be compatible with 2.3.1? thanks Link to comment Share on other sites More sharing options...
ozEworks Posted July 27, 2013 Share Posted July 27, 2013 I know. But you can always hope for a novice hacker using a real IP. I can't say for sure but I think if you upgrade the libraries they will work. I have a vague recollection we did it recently for a client site to fix some problem. If I remember I will post back. Do you have a test site? Link to comment Share on other sites More sharing options...
DogFoodIT Posted September 4, 2013 Author Share Posted September 4, 2013 I know. But you can always hope for a novice hacker using a real IP. I can't say for sure but I think if you upgrade the libraries they will work. I have a vague recollection we did it recently for a client site to fix some problem. If I remember I will post back. Do you have a test site? Hi Kym, Sorry for the major delay. It's been a while since i have been online. Yes i do have a test site and probably have a crack at changing the Jquiry lib for security purpose. thanks again. Ben Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.