Hacking attempt or ???

Author: ButinaMiso, 19 December 2012, 23:13


ButinaMiso

Hi colleagues,
I'm new to the forum and to Joomla in general. I maintain the website of the centre where I work, and lately some files have been appearing in the administration directory in cPanel, which makes me think someone has tried to hack the site. Here is the copy/pasted text from a file named res0b1f44e7f0b2dbe677f14079775fcfac, and this is its content:

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:04 GMT
Content-Type: text/html
Content-Length: 19
Connection: close
Server: Nginx / Varnish
X-Powered-By: PHP/5.2.17

GIF89a1
lockedHTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 20:39:16 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,User-Agent
Content-Length: 10
Connection: close
Content-Type: text/html

lockedHTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:02 GMT
Server: Apache
X-Powered-By: PHP/5.4.9
Content-Length: 0
Connection: close
Content-Type: text/html

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:07 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8g PHP/5.2.11 with Suhosin-Patch
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

a
locked
0

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:10 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

a
locked
0

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:09 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.17
Content-Length: 0
Connection: close
Content-Type: text/html

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

a
locked
0

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:27 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

a
locked
0

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:45:39 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

19
###KamiKaze###
repeat
0

HTTP/1.1 200 OK
Date: Wed, 19 Dec 2012 21:48:48 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

19
###KamiKaze###
repeat
0

Mislav

Check the following post: (Bernard [ORION] - reply 4)
http://forum.joomla.hr/index.php/topic,3968.msg13086.html#msg13086

In general, if files appear that don't belong there by "default", it is probably a hacking attempt.

Has the ".htaccess" file been touched, or have any .gif files containing PHP been planted? Run the scanner that Bernard wrote, check the vulnerability list / Joomla version and update (before anything else, you MUST make a (full) backup).
System, hosting & server administrator
http://mislav.eu/
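
The two things raised in this thread, image files that carry PHP and a stray file holding raw HTTP responses, can be looked for with a short script. This is an added example, not part of the thread and not Bernard's scanner; the function names, the sample tree and the `res_PLACEHOLDER` file name are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png", ".ico", ".bmp"}
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)  # "<?php" or "<?="
HTTP_STATUS = re.compile(rb"HTTP/1\.[01] \d{3} ")       # e.g. "HTTP/1.1 200 OK"

def classify(path, max_bytes=1 << 20):
    """Return the reasons a file looks out of place (empty list if none)."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)  # the first 1 MiB is enough for these checks
    is_image = path.suffix.lower() in IMAGE_EXT or data.startswith((b"GIF87a", b"GIF89a"))
    checks = [(is_image and PHP_TAG.search(data), "image file contains a PHP open tag"),
              (HTTP_STATUS.match(data), "file starts with a raw HTTP response")]
    return [msg for hit, msg in checks if hit]

def scan(root):
    """Walk root and return {relative_path: [reasons]} for every flagged file."""
    findings = {}
    for path in (p for p in sorted(Path(root).rglob("*")) if p.is_file()):
        try:
            reasons = classify(path)
        except OSError:
            continue  # unreadable file: skip it and keep scanning
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_tree(root):
    """Write constructed sample files (not taken from any real site) under root."""
    samples = {
        "images/logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "images/banner.gif": b"GIF89a1\n<?php /* constructed placeholder */ ?>",
        "administrator/res_PLACEHOLDER": b"HTTP/1.1 200 OK\r\n\r\nlocked",
        "index.php": b"<?php echo 'site'; ?>",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_tree(root)  # no path given: scan the constructed sample tree
    for rel, reasons in scan(root).items():
        print(rel, "->", "; ".join(reasons))
```

Pass the site root as the first argument to scan a real tree. A hit is a prompt to inspect the file by hand and compare it with the backup, since compressed image data can contain the byte sequence `<?=` by chance.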