DogFoodIT

jQuery through URI, error or hack?

Hi All,

 

I have been noticing some strange activity on our site as of late and it makes me a little concerned. When perving on the Who's Online page I sometimes see the following code in the links (URL), reading from the bottom up!

Please note: this is a copy of the Who's Online.php

 

Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:50 16:30:50 /ext/jquery/ui/);if(c.label===null)c.label=this.buttonElement.html();if(this.element.is( Yes Not Found
Active with no Cart 00:00:00 Guest centra168.lnk.telstra.net 16:30:48 16:30:48 /advanced_search_result.php?keywords=14.97&search_in_description=0&x=0&y=0 Yes Yes
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:47 16:30:47 /ext/jquery/ui/).html(this.buttonElement.find( Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:41 16:30:41 /ext/jquery/ui/).addClass(this._triggerClass).html(f== Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:38 16:30:38 /ext/jquery/fancybox/;m.html(C);F();break;case Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:35 16:30:35 /ext/jquery/fancybox/;m.html( Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:33 16:30:33 /ext/jquery/fancybox/:m.html(e.content);F();break;case Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:30 16:30:30 /ext/jquery/fancybox/+d.titlePosition).html(s).appendTo( Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:27 16:30:27 /ext/jquery/fancybox/)x=w}m.html(x);F()}}}));break;case Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:25 16:30:25 /ext/jquery/fancybox/%27+d.href+%27 Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:22 16:30:22 /ext/jquery/bxGallery/%27+o.load_image+%27 Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:19 16:30:19 /ext/jquery/bxGallery/%27+$this.attr(%27src%27)+%27 Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:11 16:30:11 /ext/jquery/]};F.optgroup=F.option;F.tbody=F.tfoot=F.colgroup=F.caption=F.thead;F.th=F.td;if(!c.support.htmlSerialize)F._default=[1, Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:08 16:30:08 /ext/jquery/)j.html(e?c( Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:03 16:30:03 /https://twitter.com Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:29:56 16:29:56 //smarticon.geotrust.com/si.js Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:29:49 16:29:49 /

 

As you can see, it looks like the server is trying to access certain files or call functions etc. through the URL. First of all, can hacking be done like this???

I have also noticed this in the error_logs (as the files do not exist).

Or is this an error with my site not running some jQuery correctly?

Any advice would be fantastic.

Thanks


It could be a hacker bot trying to exploit vulnerabilities in third party libraries.

 

If you have the IP address you could try banning it.

 

 


Kym

Projects Director @ ozEworks.com
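
A way to triage a listing like the one in the question, as an added example that is not part of the original thread: it parses Who's Online rows, counts Not Found hits per host, and records which library directory each JavaScript-looking path hangs off, which shows which third-party libraries to review first. The character set used to spot JavaScript syntax is an assumption and should be tuned to the site's real file names.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Rows copied from the Who's Online listing in the question (a subset).
SAMPLE_ROWS = """\
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:50 16:30:50 /ext/jquery/ui/);if(c.label===null)c.label=this.buttonElement.html();if(this.element.is( Yes Not Found
Active with no Cart 00:00:00 Guest centra168.lnk.telstra.net 16:30:48 16:30:48 /advanced_search_result.php?keywords=14.97&search_in_description=0&x=0&y=0 Yes Yes
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:25 16:30:25 /ext/jquery/fancybox/%27+d.href+%27 Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:11 16:30:11 /ext/jquery/]};F.optgroup=F.option;F.tbody=F.tfoot=F.colgroup=F.caption=F.thead;F.th=F.td;if(!c.support.htmlSerialize)F._default=[1, Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:30:03 16:30:03 /https://twitter.com Yes Not Found
Active with no Cart 00:00:00 Guest t197.topaz.fastwebserver.de 16:29:49 16:29:49 /
"""

# host, entry time, last click, URL, then optional "Yes <status>" flags
# (the last row of the listing has no flags, so that group is optional).
ROW = re.compile(
    r"Guest (?P<host>\S+) \d\d:\d\d:\d\d \d\d:\d\d:\d\d "
    r"(?P<url>/.*?)(?: Yes (?P<status>Not Found|Yes))?$"
)
# Assumption: none of these characters occur in the shop's real file paths.
JS_CHARS = set("(){};=+'\"[]")


def js_fragment_dir(url):
    """Return the directory a JavaScript-looking path hangs off, else None."""
    path = unquote(url.split("?", 1)[0])  # drop the query string, decode %27
    hits = [i for i, ch in enumerate(path) if ch in JS_CHARS]
    if not hits:
        return None
    return path[: path.rfind("/", 0, hits[0]) + 1]


def summarize(text):
    """Per host: request count, Not Found count, and fragment directories."""
    hosts = defaultdict(lambda: {"requests": 0, "not_found": 0, "dirs": {}})
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if not m:
            continue
        rec = hosts[m["host"]]
        rec["requests"] += 1
        rec["not_found"] += m["status"] == "Not Found"
        d = js_fragment_dir(m["url"])
        if d:
            rec["dirs"][d] = rec["dirs"].get(d, 0) + 1
    return dict(hosts)
```

Calling `summarize(SAMPLE_ROWS)` returns one record per host; a host with many Not Found hits and several entries under `dirs` is the pattern shown in the question.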


Hi Kym, thanks for the reply :D . I try to block as many IPs as possible, even only allowing the country IPs through .htaccess. This does not always work as hackers usually hijack other IPs when playing the evil games they play.

I would really have to look into the jQuery plugins to see if they do have vulnerabilities that need fixing. Do you know if updating the libraries would be compatible with 2.3.1?

Thanks


I know. But you can always hope for a novice hacker using a real IP. I can't say for sure but I think if you upgrade the libraries they will work. I have a vague recollection we did it recently for a client site to fix some problem. If I remember I will post back.

 

Do you have a test site?


Kym

Projects Director @ ozEworks.com

Hi Kym,

 

Sorry for the major delay. It's been a while since I have been online.

Yes, I do have a test site and will probably have a crack at changing the jQuery lib for security purposes.

Thanks again.

 

Ben
