Elxis CMS Forum

Support => Security => Topic started by: jimmyz on May 07, 2009, 15:59:18

Title: Expose photo gallery - what is this?
Post by: jimmyz on May 07, 2009, 15:59:18
No, I'm not asking you to tell me what Expose photo gallery is.
I just noticed one thing and I thought it would be good for Expose users to know about it.
Looking in the statistics (using bbclone), I noticed a visitor who came to my site, from Nigeria. He came through google, using as search query "site++++++++++++++/com_expose" and I was deep in the list...
Here are the access_log entries:
Code:
196.3.183.72 - - [07/May/2009:04:39:57 +0300] "GET /component/option,com_expose/Itemid,49/ HTTP/1.1" 200 15126 "http://www.google.gr/search?q=site++++++++++++++/com_expose&hl=el&lr=lang_el&start=30&sa=N" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:00 +0300] "GET /includes/standard.css HTTP/1.1" 200 10117 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:00 +0300] "GET /administrator/includes/js/ajax_new.js HTTP/1.1" 200 5430 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:02 +0300] "GET /includes/js/elxis.js HTTP/1.1" 200 17661 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:05 +0300] "GET /components/com_expose/AC_RunActiveContent.js HTTP/1.1" 200 3625 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:06 +0300] "GET /templates/blueingreen/css/template_css.css HTTP/1.1" 200 592 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:06 +0300] "GET /language/english/english.gif HTTP/1.1" 200 516 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:07 +0300] "GET /language/greek/greek.gif HTTP/1.1" 200 489 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:07 +0300] "GET /templates/blueingreen/images/arrow.png HTTP/1.1" 200 670 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:08 +0300] "GET /templates/blueingreen/css/customize.css HTTP/1.1" 200 13910 "http://thassos4x4.gr/templates/blueingreen/css/template_css.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:08 +0300] "GET /templates/blueingreen/css/layout.css HTTP/1.1" 200 1682 "http://thassos4x4.gr/templates/blueingreen/css/template_css.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:10 +0300] "GET /images/favicon.ico HTTP/1.1" 200 938 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:13 +0300] "GET /images/random-image/view_3.jpg HTTP/1.1" 200 8443 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:12 +0300] "GET /templates/blueingreen/images/logo.png HTTP/1.1" 200 3773 "http://thassos4x4.gr/templates/blueingreen/css/layout.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:12 +0300] "GET /templates/blueingreen/images/li.png HTTP/1.1" 200 668 "http://thassos4x4.gr/templates/blueingreen/css/customize.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:12 +0300] "GET /templates/blueingreen/images/content.png HTTP/1.1" 200 532 "http://thassos4x4.gr/templates/blueingreen/css/layout.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:14 +0300] "GET /templates/blueingreen/images/h3.png HTTP/1.1" 200 686 "http://thassos4x4.gr/templates/blueingreen/css/customize.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:13 +0300] "GET /components/com_expose/expose/swf/expose.swf HTTP/1.1" 200 20440 "http://thassos4x4.gr/component/option,com_expose/Itemid,49/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:16 +0300] "GET /templates/blueingreen/images/menu1.png HTTP/1.1" 200 544 "http://thassos4x4.gr/templates/blueingreen/css/customize.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:12 +0300] "GET /templates/blueingreen/images/header2.gif HTTP/1.1" 200 30297 "http://thassos4x4.gr/templates/blueingreen/css/layout.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:16 +0300] "GET /templates/blueingreen/images/footer.png HTTP/1.1" 200 36604 "http://thassos4x4.gr/templates/blueingreen/css/layout.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:29 +0300] "GET //administrator/components/com_expose/uploadimg.php HTTP/1.1" 404 1239 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:30 +0300] "GET /favicon.ico HTTP/1.1" 404 4350 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
196.3.183.72 - - [07/May/2009:04:40:33 +0300] "GET /favicon.ico HTTP/1.1" 404 4350 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"

On the third line, counting from the end, you'll see he asked for //administrator/components/com_expose/uploadimg.php, which generated an error:
Code:
[Thu May 07 04:40:29 2009] [error] [client 196.3.183.72] script '/var/www/vhosts/anaeth.gr/subdomains/thassos4x4/httpdocs/administrator/components/com_expose/uploadimg.php' not found or unable to stat.

This IP is associated with spam and other suspicious activities (google it). What was he looking for?

Take care.  :)
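The pattern in the log above (arrival from a search-engine query naming a component, followed by a direct request for a back-end component script with no referrer) is easy to pick out automatically. The following is an added example, not code from this post or from the Elxis project: a small Python checker that parses Apache combined-format access_log lines, collapses the doubled slash that the probe used, and reports two things a defender would want flagged: direct requests to scripts under /administrator/components/ that did not come from the back-end itself (reported separately as a miss when the server answered 404 and as a hit when it answered 200), and referrals from a search-engine results page whose query names a component. The log lines it runs on are constructed for the example (documentation IP range and example.org hostname), laid out like the ones in the post.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Apache "combined" log format, the same layout as the access_log lines quoted in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Back-end component scripts are only ever reached by an administrator who is already inside
# the back-end, so a legitimate request carries a referrer from /administrator/ itself.
ADMIN_PREFIXES = ("/administrator/components/",)

# Hostname fragments that identify a search-engine results page referrer.
SEARCH_HOSTS = ("google.", "bing.", "yahoo.")


@dataclass
class Finding:
    ip: str
    time: str
    kind: str
    detail: str


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def normalize_path(path):
    """Drop the query string and collapse runs of slashes ("//administrator/...")
    so that a prefix check cannot be sidestepped by a doubled slash."""
    path = path.split("?", 1)[0]
    return re.sub(r"/{2,}", "/", path)


def search_query(referer):
    """Return the search query if the referrer is a search-engine results page, else None."""
    if not referer or referer == "-":
        return None
    url = urlparse(referer)
    if not any(tok in url.netloc for tok in SEARCH_HOSTS):
        return None
    params = parse_qs(url.query)
    return (params.get("q") or params.get("p") or [None])[0]


def analyze(lines):
    """Run both checks over an iterable of log lines and return the findings in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        path = normalize_path(rec["path"])

        # Check 1: a back-end component script requested from outside the back-end.
        if (path.startswith(ADMIN_PREFIXES) and path.endswith(".php")
                and "/administrator/" not in rec["referer"]):
            kind = "admin_script_probe_missing" if rec["status"] == 404 else "admin_script_probe_hit"
            findings.append(Finding(rec["ip"], rec["time"], kind, path))

        # Check 2: the visitor arrived from a search query that names a component ("com_...").
        query = search_query(rec["referer"])
        if query and "com_" in query:
            findings.append(Finding(rec["ip"], rec["time"], "component_dork_referral", query))
    return findings


# Constructed sample lines for the example (documentation IPs, example.org hostname).
UA = "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) Firefox/3.0.10"
SAMPLE_LOG = [
    f'203.0.113.7 - - [07/May/2009:04:39:57 +0300] "GET /component/option,com_expose/Itemid,49/ HTTP/1.1" 200 15126 '
    f'"http://www.google.gr/search?q=site++++++++++++++/com_expose&hl=el&lr=lang_el&start=30&sa=N" "{UA}"',
    f'203.0.113.7 - - [07/May/2009:04:40:12 +0300] "GET /templates/blueingreen/images/logo.png HTTP/1.1" 200 3773 '
    f'"http://www.example.org/component/option,com_expose/Itemid,49/" "{UA}"',
    f'203.0.113.7 - - [07/May/2009:04:40:29 +0300] "GET //administrator/components/com_expose/uploadimg.php HTTP/1.1" 404 1239 "-" "{UA}"',
    f'198.51.100.9 - - [07/May/2009:05:01:02 +0300] "GET /administrator/components/com_expose/uploadimg.php HTTP/1.1" 200 812 "-" "{UA}"',
    f'203.0.113.7 - - [07/May/2009:04:40:30 +0300] "GET /favicon.ico HTTP/1.1" 404 4350 "-" "{UA}"',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.time}  {f.ip:<15} {f.kind:<28} {f.detail}")
```

A 404 on a probe like the one in the post means the script was not there to be abused; the same request answered with 200 is the case worth acting on, so the two are reported under different kinds. Extending the same two checks to a real log means feeding the file's lines to analyze() and aggregating by IP.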
Title: Re: Expose photo gallery - what is this?
Post by: ks-net on May 07, 2009, 16:08:44
He tried to upload files to your server....

very common....

 
Title: Re: Expose photo gallery - what is this?
Post by: webgift on May 07, 2009, 16:09:35
But he stayed at "TRY" :D
Title: Re: Expose photo gallery - what is this?
Post by: ks-net on May 07, 2009, 16:31:25
MUST say that till now ELXIS has NOT ever been HACKED!!! Congratulations!!!

But there are many other ways to hack a server directly, bypassing Elxis and its mechanisms... I mean not using Elxis at all!

Never close your eyes... never say that Elxis will stop any attack...... ELXIS can successfully guard ITSELF but....

can't guarantee your server's safety, especially if it is full of holes in other areas such as PHP settings, wrong file permissions on various files and a lot of other stuff.

Keep looking, never stop, and avoid:

storing passwords in browsers
simple passwords
777 permissions on files and folders
risky PHP settings
components not compatible with Elxis
other low-security scripts running on your server