security log

Questions about installing CONTENIDO 4.9? Problems with the configuration? Tips or questions about developing the system or about security?
shi
Posts: 214
Registered: Fri 5 Nov 2004, 14:12

security log

Post by shi » Fri 26 Oct 2018, 14:36

Hello, every now and then I get logs in security.txt, but I can't make anything of them. Maybe one of you knows what this refers to?


    [vlid] => deleted
    [BIGipServer~Duni~www_duni_com_HTTP_Pool] => 1701512970.20480.0000
    [sid_1_1] => deleted
    [0880f493b158fe87be8e4628f9b1a5c2] => deleted
    [4a0cb54955338c4d0d0173ef57fd9413] => deleted
    [bm_sz] => deleted
    [_abck] => deleted
    [siteDC] => deleted
    [rlLanguage] => deleted
    [dfea8fe9bc1cc1f6f881e5934085a163] => deleted
    [goks] => deleted
    [GOTHAERSESSIONID] => deleted
    [SesameAuth] => deleted
    [SMANONYMOUSSESSION] => Q1LkoSmlaqd3aeWJWHd4ownZGCJBNFwZ/lSdLCGFCnUqcERBeyDDpAzgbuw6mOO9N2tpZTCUZ3sWC5HxB2vPa5c7U4lDWtAegJSHQbWfgWhTfTgJX3dMpVx2K AM1PxT5iLBVP1MpQSUiG3wwMmC53cMr6rLg1EX970EQkPpXm/Nj9ctDOgFe1B e7V2xl29yLXgBvbPhlceHcxM
    [SMSESSION] => deleted
    [CmsSid] => 2550048960.20480.0000
    [woinst] => deleted
    [wosid] => deleted
    [BW-LB] => deleted
    [ROUTEID] => deleted
    [uncode_privacy] => Array
        (
            [consent_types] => []
        )

    [4a9d9462964c6ef3ffad72660eee11ac] => deleted
    [672ad47e092af70256be3f4430aa29a9] => deleted
    [caec954b1d6862ad40c3c1b734bf55e3] => deleted
    [TS018cf634] => deleted
    [bdeSessionId] => deleted
    [tal_n_] => deleted
    [alvineSessionID] => deleted
    [CP5XKN6QLDFWUC] => deleted
    [lang] => deleted
    [isp] => deleted
    [country] => deleted
    [rrcomzendsession] => deleted
    [userFrontendLangId] => deleted
    [TS0144e789] => deleted
    [490eade193f7ddc8d13e3376c6259f65] => deleted
    [c8b25e35ba9d3e153144dd4ef8913287] => deleted
    [gdpr] => Array
        (
            [allowed_cookies] => [""]
            [consent_types] => []
        )

    [WebSessionID] => deleted
    [NETMIND_SID] => deleted
    [NETMIND_PERMSID] => deleted
    [b45a42245a10453c02d1569cca13ebc6] => deleted
    [aposession] => deleted
    [blaser_geolocate] => deleted
    [1513374ec17fb012f156eee15c4242b0] => deleted
    [804125cd29bd8bdd98231f2ecc1227b1] => deleted
    [5ef4057c7e687ff6b966ed9611c5c7b0] => deleted
    [ARRAffinity] => 16a848b5f90db731fac8fe06b5f590dc1b20d0a1465ab9ae168f20b50b1b57bf
    [806cbf58d29c10511a118a1c5d51191b] => deleted
    [language] => deleted
    [ANONID] => ZAFC484E461EF78EF
    [6b641c1c2d80877fea4f8f1b317af201] => deleted
    [8f43a2dee906a159c9782e21977d8f11] => deleted
    [wfvt_1497836818] => deleted
    [wfvt_-677485808] => deleted
    [SID] => deleted
    [ADRUM_BT1] => deleted
    [distributionSpace] => deleted
    [EASY-ACTION] => deleted
    [EASYID_PRD] => deleted
    [ADRUM_BTa] => deleted
    [userHash] => deleted
    [landingTime] => deleted
    [WKDA] => deleted
    [SCID] => deleted
    [461fa247b679b8bd29a91951085617e4] => deleted
    [BIGipServer~ASP~asp-common_80] => deleted
    [SRVNAME] => deleted
    [70ff936c4ca2cd5471680f3c34035308] => deleted
    [5a2c67b4928ffe5745bb882ad7942d17] => deleted
    [_Fiona7_session] => deleted
    [immobilienscout24_persist] => 27468042.20480.0000
    [VISITOR] => returning
    [NEW_VISITOR] => new
    [4217337b756220541649126a8ef16d0c] => 490d956358db69c2f98382604dcea439
    [citrix_ns_id] => uGzYpt1oZ3aZUJaosrufDCj43X80001
    [8aea5953b92a0b810976cf90b6608883] => 1218632a323d198cab7b4d6eeaaf9e60
    [ASPSESSIONIDAAQTSTDB] => LJEEAOHAKIHKMBIKKILPKBHF
    [stat] => 138940434120181026142643
    [ncore_session] => JCETVzxMqjuvVgbeTBhCBLaYO4Bobo
    [028a5147be3eae20cca358363d915975] => 63a3ad60f7339d29c2f72fb114c74f20
    [352fd7181a365c0149fca8c53e9e8b9d] => 08b5d15b33481f53042d83b86a158bf2
    [b33859c7d640ba26d0c33517d83869b2] => hiu6ajreugkmol3oo5ooju63l7
    [aa3b67899e3c022eaab7e60888c44dfa] => ebva26lha4usef3kdvm6u70ju0
    [NSC_mc_wt_qspyz_DNTGbsn52_80_iuuq] => ffffffff0902a93145525d5f4f58455e445a4a423660
    [NSC_vojdfg_xxx_vojdfg_ef] => ffffffffda4d5aad45525d5f4f58455e445a4a423660
    [4d28a86065f4c21e7b9f68010c39c0d0] => 31f2371ce179276e76bf086d6cc3b76a
    [recon] => q3frontaachh3d664gjb4efuq6
    [43c4a6932da235d45cfc4099c95420ca] => c5ecdea9a166d3ece2257ffab4d48624
)


xmurrix
Posts: 2680
Registered: Thu 21 Oct 2004, 11:08
Location: Augsburg

Re: security log

Post by xmurrix » Fri 26 Oct 2018, 15:37

Hello shi,

these are results of the check of the request data. Requests to CONTENIDO pages are validated very early; in the process, the contents of GET, POST and COOKIE are checked for syntactic validity. Some parameters may only contain values made up of digits, others digits and letters but no special characters, and so on.

At first glance, the following line stands out to me:


    ...
    [lang] => deleted
    ...

The parameter lang is used in CONTENIDO for the language; in this log entry its value is "deleted". This is then very probably detected during the check, and the data of the request ends up in the security log.

Presumably this is an attempt to attack the system; some upstream filter has presumably already sanitized the contents, which is why much of it arrives at the CMS with the value "deleted".

I would determine the source IP of these requests and block that IP.

Regards
xmurrix
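
The early request validation described in the reply above, shown as an added example that is not part of the original posts and is not CONTENIDO's own code. The rule table, the function names and the log path are assumptions made for illustration; the sample request is constructed to mirror the `lang` cookie from the log.

```php
<?php
// Hypothetical rule table (NOT CONTENIDO's actual rules): each known
// parameter is mapped to the pattern its value must match.
const PARAM_RULES = [
    'lang'      => '/^[0-9]+$/',           // assumed: numeric language id
    'idart'     => '/^[0-9]+$/',           // assumed: numeric id
    'contenido' => '/^[0-9a-z]{1,32}$/i',  // assumed: letters and digits only
];

/**
 * Return the names of parameters whose values fail their rule.
 * Parameters without a rule are ignored; non-string values (arrays) fail.
 */
function findInvalidParams(array $input, array $rules): array
{
    $invalid = [];
    foreach ($rules as $name => $pattern) {
        if (!array_key_exists($name, $input)) {
            continue; // parameter was not sent
        }
        $value = $input[$name];
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $invalid[] = $name;
        }
    }
    return $invalid;
}

/** Check every request source; on failure append a dump of it to the log. */
function validateRequest(array $sources, array $rules, string $logFile): bool
{
    $ok = true;
    foreach ($sources as $label => $data) {
        $bad = findInvalidParams($data, $rules);
        if ($bad !== []) {
            $ok = false;
            $entry = date('c') . " invalid $label parameter(s): "
                   . implode(', ', $bad) . "\n" . print_r($data, true) . "\n";
            file_put_contents($logFile, $entry, FILE_APPEND | LOCK_EX);
        }
    }
    return $ok;
}

// Constructed sample request: GET is well-formed, the cookie is not.
$sources = [
    'GET'    => ['lang' => '1'],
    'POST'   => [],
    'COOKIE' => ['lang' => 'deleted', 'VISITOR' => 'returning'],
];
$log = sys_get_temp_dir() . '/security-example.txt'; // assumed log location
var_dump(validateRequest($sources, PARAM_RULES, $log));
```

Because the whole source array is dumped with `print_r`, one failing parameter puts every cookie of that request into the log, which is why an entry can list many unrelated names next to the one that actually failed the check.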
