Wednesday, 4 September 2013

How to prevent php web attacks on website

I have a website which was hacked. It was on old Joomla 1.5, and I used
many modules which are not available for the new Joomla, so I had to keep
it on the old version.
The attacker used the JCE editor plugin to upload the PHP script.
These are my logs from Apache. Can someone explain to me what it does?
208.115.226.217 - - [04/Sep/2013:17:42:38 +0800] "GET //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1" 200 23488 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:39 +0800] "POST //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1" 200 69 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:40 +0800] "POST //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1" 200 36 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:40 +0800] "GET //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1" 200 23488 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:41 +0800] "Head //images/stories/0d4y.php HTTP/1.1" 200 27046 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:42 +0800] "POST //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1" 200 36 "-" "BOT/0.1 (BOT for JCE)"
74.63.199.4 - - [04/Sep/2013:17:42:42 +0800] "GET /images/stories/0d4y.php HTTP/1.1" 200 27042 "-" "libwww-perl/5.805"
208.115.226.217 - - [04/Sep/2013:17:42:41 +0800] "POST //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1" 200 69 "-" "BOT/0.1 (BOT for JCE)"
208.115.226.217 - - [04/Sep/2013:17:42:43 +0800] "Head //images/stories/0d4y.php HTTP/1.1" 200 27106 "-" "BOT/0.1 (BOT for JCE)"
74.63.199.4 - - [04/Sep/2013:17:42:43 +0800] "GET /images/stories/0d4y.php HTTP/1.1" 200 27102 "-" "libwww-perl/5.805"
74.63.199.4 - - [04/Sep/2013:17:44:31 +0800] "POST /images/stories/0d4y.php?x=shell HTTP/1.1" 200 22971 "-" "libwww-perl/5.805"
74.63.199.4 - - [04/Sep/2013:17:44:31 +0800] "POST /images/stories/0d4y.php?x=shell HTTP/1.1" 200 22971 "-" "libwww-perl/5.805"
74.63.199.4 - - [04/Sep/2013:17:45:43 +0800] "POST /images/stories/0d4y.php?x=shell HTTP/1.1" 200 22971 "-" "libwww-perl/5.805"
74.63.199.4 - - [04/Sep/2013:17:45:45 +0800] "POST /images/stories/0d4y.php?x=shell HTTP/1.1" 200 22971 "-" "libwww-perl/5.805"
What is libwww-perl, and how can I stop these types of attacks? I mean, is it
possible that if a user somehow uploads his PHP files, he should not be
able to execute them?
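
A log check built on the entries above, as an added example that is not part of the original post: it flags any script that was served successfully from a directory that should only hold media, and lists which clients requested it. The upload directory list and the script extensions are assumptions; the sample lines are four of the post's entries (wrapped lines rejoined) plus one constructed image request.

```python
import re
from collections import defaultdict

# Apache combined log format. The method is matched as any word because the
# post's log shows a mixed-case "Head" from the upload bot.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Za-z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: directories that should only ever serve static media.
UPLOAD_DIRS = ("/images/",)
# Assumption: extensions the server may hand to the PHP interpreter.
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def normalize(target):
    """Drop the query string and collapse the doubled slashes seen in the log."""
    return re.sub(r"/{2,}", "/", target.split("?", 1)[0])

def find_executed_uploads(lines):
    """Map each script served with a 2xx status from an upload dir to its requesters."""
    hits = defaultdict(lambda: {"count": 0, "methods": set(), "clients": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not combined-format; skip rather than guess
        path = normalize(m["target"])
        if path.startswith(UPLOAD_DIRS) and SCRIPT_RE.search(path) and m["status"][0] == "2":
            hit = hits[path]
            hit["count"] += 1
            hit["methods"].add(m["method"].upper())
            hit["clients"].add((m["ip"], m["ua"]))
    return dict(hits)

JCE = "//index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"
# The first four entries are from the post's log; the last one is constructed
# to show that a normal image request is not flagged.
SAMPLE = [
    f'208.115.226.217 - - [04/Sep/2013:17:42:38 +0800] "GET {JCE} HTTP/1.1" 200 23488 "-" "BOT/0.1 (BOT for JCE)"',
    '208.115.226.217 - - [04/Sep/2013:17:42:41 +0800] "Head //images/stories/0d4y.php HTTP/1.1" 200 27046 "-" "BOT/0.1 (BOT for JCE)"',
    '74.63.199.4 - - [04/Sep/2013:17:42:42 +0800] "GET /images/stories/0d4y.php HTTP/1.1" 200 27042 "-" "libwww-perl/5.805"',
    '74.63.199.4 - - [04/Sep/2013:17:44:31 +0800] "POST /images/stories/0d4y.php?x=shell HTTP/1.1" 200 22971 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [04/Sep/2013:17:50:00 +0800] "GET /images/stories/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, hit in find_executed_uploads(SAMPLE).items():
        print(path, hit["count"], sorted(hit["methods"]), sorted(hit["clients"]))
```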
