Osclass forums
Support forums => General help => 3.7.x => Topic started by: Aficionado on September 28, 2017, 11:12:17 am
-
Hi,
Yesterday all my Osclass sites (4 now) were extremely slow, dead slow that is. Looking at the logs, I found hundreds of these on all sites (with different cookie values in each):
27/Sep/17 20:28:17 #2282169 critical 256 144.76.159.106 GET /index.php - SQL injection - [COOKIE:osclass = noun318iu4s1b2eoovoh9v3uq4' and 3>'1] - www . website . eu
27/Sep/17 20:28:17 #4975402 critical 256 144.76.159.106 GET /index.php - SQL injection - [COOKIE:osclass = noun318iu4s1b2eoovoh9v3uq4' and 3>'4] - www . website . eu
27/Sep/17 20:28:23 #5947452 critical 256 144.76.159.106 GET /index.php - SQL injection - [COOKIE:osclass = noun318iu4s1b2eoovoh9v3uq4" and 3>"1] - www . website . eu
27/Sep/17 20:28:24 #6065584 critical 256 144.76.159.106 GET /index.php - SQL injection - [COOKIE:osclass = noun318iu4s1b2eoovoh9v3uq4" and 3>"4] - www . website . eu
All came from 144.76.159 - your-server.de - Germany - Hetzner group.
Today the attack doesn't seem to happen.
Any ideas what those are? What is that "cookie" thing?
Thanks
-
At the same time, also hundreds of those:
27/Sep/17 04:43:18 #1618427 critical - 189.90.46.118 POST /index.php - BASE64-encoded injection - [POST:filter = cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTsgICAgI
CAgICAgICAgICAgU0VUIEBTQUxUID0gJ3JwJzsgICAgICAgICAgICAgICAgU0VUIEBQQVNTID0gQ09OQ0FUKE1ENShDT05DQV...] - www . website . com
From Brazil.
Both attacks seem to be blocked by our firewall; still, it seems strange to have several attacks yesterday after a long time.
-
Seems to me like random/generic attacks to see if your website or server is vulnerable (server itself or PHP version). They don't seem to be targeted toward Osclass code itself.
-
Seems to me like random/generic attacks to see if your website or server is vulnerable (server itself or PHP version). They don't seem to be targeted toward Osclass code itself.
Thanks, nice to know that. As I said, both were 100% blocked; it was the COOKIE OSCLASS that made me worry.
-
I'm constantly receiving attacks today, coordinated in all my Osclass sites (strange since they are split in two hostings).
Same attacks (non-Osclass specific), with seconds difference from different IPs, proxies, TOR, Romania and Russia mainly.
Blocked, I hope (from what I see, but ... are they all?); still, I wonder if anyone else is seeing anything like it.
-
I just checked a few minutes ago in raw access. In my case those kinds of attempts don't appear.
-
I wrote above that the attacks are not Osclass specific, meaning that I don't see any paths or files that belong to Osclass.
BUT since in both my hosting plans (2) I also run a couple of WordPress sites, those sites don't seem to suffer from any such attacks.
So they are only targeting my Osclass sites.
-
I just checked a few minutes ago in raw access. In my case those kinds of attempts don't appear.
I have hundreds of COORDINATED Directory traversal attempts mainly.
-
I am also receiving similar spam bot visits every minute for all Osclass webs. I am blocking IP BLOCKS numbers in HTACCESS.
As you say, Hetzner Germany IP blocks are used for this mostly... I have totally blocked all IP blocks of HETZNER.
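-
Added example, not part of the thread and not code from Osclass or from the firewall that wrote these logs: a small triage script for log lines in the layout quoted in the first post. It groups blocked requests by source IP, rule and input field, and strips everything from the first quote character onward, which shows that the many "different" cookie values are one session cookie with a test condition appended. The field layout is inferred from the quoted lines, and the sample addresses, hostnames and cookie values are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the log lines quoted in the thread
# (documentation-range addresses, made-up cookie values and hostnames).
SAMPLE = """\
27/Sep/17 20:28:17 #1000001 critical 256 203.0.113.7 GET /index.php - SQL injection - [COOKIE:osclass = abc123sessionid' and 3>'1] - www.example.test
27/Sep/17 20:28:17 #1000002 critical 256 203.0.113.7 GET /index.php - SQL injection - [COOKIE:osclass = abc123sessionid' and 3>'4] - www.example.test
27/Sep/17 20:28:23 #1000003 critical 256 203.0.113.7 GET /index.php - SQL injection - [COOKIE:osclass = abc123sessionid" and 3>"1] - shop.example.test
27/Sep/17 04:43:18 #1000004 critical - 198.51.100.9 POST /index.php - BASE64-encoded injection - [POST:filter = AAAA...] - www.example.test
"""

# Assumed layout: timestamp, #id, severity, code, ip, method, path,
# rule name, [SOURCE:field = value], hostname.
LINE = re.compile(
    r'^(?P<ts>\S+ \S+) #(?P<id>\d+) (?P<sev>\S+) (?P<code>\S+) (?P<ip>\S+) '
    r'(?P<method>[A-Z]+) (?P<path>\S+) - (?P<rule>.+?) - '
    r'\[(?P<src>[A-Z]+):(?P<name>\S+) = (?P<value>.*)\] - (?P<host>.+)$')

def parse(text):
    """Return one dict per line that matches the layout; skip the rest."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def base_value(value):
    """Part of the value before the first quote character, i.e. the
    original cookie that the test condition was appended to."""
    return re.split(r'''['"]''', value, maxsplit=1)[0]

def summarize(events):
    """Group blocked requests by (ip, rule, input field)."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "bases": Counter()})
    for e in events:
        g = groups[(e["ip"], e["rule"], f'{e["src"]}:{e["name"]}')]
        g["count"] += 1
        g["hosts"].add(e["host"])          # same source hitting several sites
        g["bases"][base_value(e["value"])] += 1
    return dict(groups)

if __name__ == "__main__":
    for (ip, rule, field), g in summarize(parse(SAMPLE)).items():
        print(ip, rule, field, g["count"], sorted(g["hosts"]), dict(g["bases"]))
```

A single base value with a high count under one IP is the pattern of an automated scanner replaying its own session cookie, and the `hosts` set shows whether the same source is hitting several sites at once.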