Can anyone tell me what is going on

  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6807
  • Loc: Martinsburg, WV

Post 3+ Months Ago

Most of you are more knowledgeable about this stuff than I am so that is why I am posting here.

On my website I have a box that lets me know how many people are online. I keep noticing a large number of visitors so I check my logs to see what is going on and I see this:

Attachments:
strange things.JPG

Log File



I use reCAPTCHA for comments by unregistered members and I am wondering if it is some kind of spambot going crazy trying to crack the CAPTCHA or what? The IP is the same for all the entries and is never the same country. This new one is Lithuania. Yesterday is was the Netherlands.

I also have a module installed called PHPIDS and at the same time that is going on PHPIDS reports a SQL injection probe from the same IP.

So what exactly are they trying to do? I have blocked the offending IP's.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Probably botnet systems looking for Drupal exploits present on your system.
  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6807
  • Loc: Martinsburg, WV

Post 3+ Months Ago

Well that isn't very nice. Good thing I keep Drupal and modules up to date.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

If you can use grep/findstr on the system, occasionally look for the words "iframe" and "eval" in the sites source files. (*.html, *.php, etc) those seem to be popular exploit types on opensource applications.

A few SQL queries to scan through text input fields long enough to hold an <iframe> or <script> element can't hurt either, but those mean going through the database schema and determining which ones to check.

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 12 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.