jDownloadsownloads.com

Advertisement
Advertisement:

Author Topic: Attack  (Read 3420 times)

0 Members and 1 Guest are viewing this topic.

Offline borja

  • Jr. Member
  • **
  • Posts: 68
Attack
« on: 17.03.2015 15:39:25 »
Hello i've got this version
jDownloads 1.9.1.3 Stable

and i've receive from one of my hosting this:

SCAN ID: 031615-0440.5081
TIME: Mar 16 04:44:48 +0100
PATH: /var/www/vhosts/*/httpdocs
RANGE: 2 days
TOTAL FILES: 2448
TOTAL HITS: 6
TOTAL CLEANED: 0

FILE HIT LIST:
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php2.j => /usr/local/maldetect/quarantine/roin.php2.j.4075
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php1.j => /usr/local/maldetect/quarantine/roin.php1.j.10216
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php.j => /usr/local/maldetect/quarantine/roin.php.j.32224
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php0.j => /usr/local/maldetect/quarantine/roin.php0.j.32207
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php4.j => /usr/local/maldetect/quarantine/roin.php4.j.19668
{HEX}php.nested.base64.529 : /var/www/vhosts/midominio.org/httpdocs/web/images/jdownloads/screenshots/roin.php3.j => /usr/local/maldetect/quarantine/roin.php3.j.31934

Some files have been created. I looked my logs iǘe got his:

195.62.181.45 - - [15/Mar/2015:15:31:41 +0100] "GET /web/ihtml&sa=U&ei=-JIFVduKO8njU-elgLAJ&ved=0CJsBEBYwGjiWAQ&usg=AFQjCNEGUCf7c97aADASxBM6eqvJpDsHyw/images/jdownloads/screenshots/roin.php.j HTTP/1.0" 500 2154 "-" "Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"



Is this an attack? what can i do to prevent this attack?

Offline ColinM

  • jD Tester
  • *
  • Posts: 3.152
Re: Attack
« Reply #1 on: 17.03.2015 17:53:03 »
Hi
You need to upgrade to jD 1.9.1.6  which is in the archives  - also look at forum
 Suggest you also PM to Arno to ask for help as I am not familiar with the jd!.9 series in detail

Colin

Offline borja

  • Jr. Member
  • **
  • Posts: 68
Re: Attack
« Reply #2 on: 19.03.2015 08:49:21 »
I've updated to this version a few minutes ago. It's like somebody is uploading new file to my system although the frontend upload is disabled. I see that there is an important security bug resolved in this version. Do you think i sholud upload to 2.5? I see that this version is still beta and the migration processs is complex. i would update to joomla 3 in few weeks and hopefullt install a more modern ersion of jdownloads.

Offline ColinM

  • jD Tester
  • *
  • Posts: 3.152
Re: Attack
« Reply #3 on: 19.03.2015 19:48:36 »
Hi
It would be beter to go straight to jD3.2 series as all future development will be on jD 3.2 and successors.  Also it is easier than going through jD2.5

Colin

 

Advertisement