Hi all,
I don't know if this is M2e, but this is what greeted me today:
I have removed my admin dir with *removed*
It appears "possible" that the hacking attempt was from "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"
Please note, I don't have Showroom, aheadmetrics, comm or amfeed.
Magento Version 1.7.0.2 with all patches.
M2ePro Version: (M2E Pro ver. 6.4.13)
Any thoughts or guidance appreciated!
Regards, Paul
162.241.71.189 - - [17/Nov/2019:00:21:37 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47375 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:21:40 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47383 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:50:51 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:50:53 +1100] "GET /index.php/ajax/Showroom/submit/t9fX0= HTTP/1.1" 404 47606 "-" "-"
162.241.71.189 - - [17/Nov/2019:04:27:52 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-"
162.241.71.189 - - [17/Nov/2019:04:27:54 +1100] "GET /index.php/ajax/Showroom/submit/Tjt9fX0= HTTP/1.1" 404 47607 "-" "-"
162.241.71.189 - - [18/Nov/2019:01:18:35 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47836 "-" "-"
162.241.71.189 - - [18/Nov/2019:01:18:37 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47844 "-" "-"
162.241.71.189 - - [18/Nov/2019:03:41:47 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47352 "-" "-"
162.241.71.189 - - [18/Nov/2019:03:41:49 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47360 "-" "-"
162.241.71.189 - - [19/Nov/2019:03:48:45 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45827 "-" "-"
162.241.71.189 - - [19/Nov/2019:03:48:47 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45835 "-" "-"
162.241.71.189 - - [20/Nov/2019:05:17:41 +1100] "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:56 +1100] "POST /index.php/*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:57 +1100] "GET /index.php/*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:58 +1100] "POST /index.php/*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:49 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:51 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:52 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:07 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:08 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:09 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3pOw== HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:42 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
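
A triage pass for the request patterns visible in the log above, as an added example that is not part of the original post: it parses combined-format access log lines and reports, per client IP, which of those patterns appear. The rule names, the `triage` function, the sample lines, the documentation IP addresses and the `ADMINPATH` placeholder are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in the same combined-log shape as the post;
# 192.0.2.x are documentation addresses and ADMINPATH is a placeholder.
SAMPLE = '''\
192.0.2.10 - - [19/Nov/2019:03:48:45 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45827 "-" "-"
192.0.2.10 - - [20/Nov/2019:05:17:41 +1100] "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"
192.0.2.10 - - [21/Nov/2019:00:03:56 +1100] "POST /index.php/ADMINPATH/cms_wysiwyg/directive/?forwarded=1&___directive=AAAA HTTP/1.1" 400 226 "-" "-"
192.0.2.10 - - [21/Nov/2019:00:03:58 +1100] "POST /index.php/ADMINPATH HTTP/1.1" 200 3533 "-" "-"
192.0.2.77 - - [21/Nov/2019:09:00:00 +1100] "GET /index.php/catalog/product/view/id/5 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Rule name -> predicate over (method, decoded path, status, user agent).
RULES = {
    "path_traversal": lambda m, p, s, ua: "../" in p,
    "extension_probe_404": lambda m, p, s, ua: s == 404 and re.search(
        r"/(ajax/Showroom|aheadmetrics|comm/message|amfeed)/", p) is not None,
    "adminhtml_route_redirect": lambda m, p, s, ua: s in (301, 302) and "/adminhtml_" in p,
    "wysiwyg_directive_post": lambda m, p, s, ua: m == "POST" and "/cms_wysiwyg/directive/" in p,
    "empty_user_agent": lambda m, p, s, ua: ua in ("", "-"),
}

def triage(log_text):
    """Return {client_ip: sorted list of rule names that fired}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _ts, method, path, status, ua = m.groups()
        path = unquote(path)  # catch percent-encoded "../" as well
        for name, rule in RULES.items():
            if rule(method, path, int(status), ua):
                hits[ip].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in triage(SAMPLE).items():
        print(ip, names)
```

An IP that trips several rules across different days, as the single address in the posted log does, is worth reviewing as one campaign rather than as isolated 404s.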