pauld

Admin, please delete as no response. Thanks.

Hi all, I don't know if this is M2e, but this is what greeted me today; I have removed my admin dir with *removed* It appears "possible" that the hacking attempt was from "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-" Please note, I don't have Showroom or aheadmetrics or comm or amfeed Magento Version 1.7.0.2 with all patches. M2epro Version (M2E Pro ver. 6.4.13) any thoughts or guidance appreciated! Regards, Paul 162.241.71.189 - - [17/Nov/2019:00:21:37 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47375 "-" "-" 162.241.71.189 - - [17/Nov/2019:00:21:40 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47383 "-" "-" 162.241.71.189 - - [17/Nov/2019:00:50:51 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-" 162.241.71.189 - - [17/Nov/2019:00:50:53 +1100] "GET /index.php/ajax/Showroom/submit/t9fX0= HTTP/1.1" 404 47606 "-" "-" 162.241.71.189 - - [17/Nov/2019:04:27:52 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-" 162.241.71.189 - - [17/Nov/2019:04:27:54 +1100] "GET /index.php/ajax/Showroom/submit/Tjt9fX0= HTTP/1.1" 404 47607 "-" "-" 162.241.71.189 - - [18/Nov/2019:01:18:35 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47836 "-" "-" 162.241.71.189 - - [18/Nov/2019:01:18:37 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47844 "-" "-" 162.241.71.189 - - [18/Nov/2019:03:41:47 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47352 "-" "-" 162.241.71.189 - - [18/Nov/2019:03:41:49 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47360 "-" "-" 162.241.71.189 - - [19/Nov/2019:03:48:45 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45827 "-" "-" 162.241.71.189 - - [19/Nov/2019:03:48:47 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45835 "-" "-" 162.241.71.189 - - [20/Nov/2019:05:17:41 +1100] "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:03:56 +1100] "POST /index.php/*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:03:57 +1100] "GET /index.php/*removed* HTTP/1.1" 200 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:03:58 +1100] "POST /index.php/*removed* HTTP/1.1" 200 3533 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:12:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:23:49 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:23:51 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:23:52 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:56:07 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:56:08 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:00:56:09 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-" 162.241.71.189 - - [21/Nov/2019:04:40:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3pOw== HTTP/1.1" 400 226 "-" "-" 162.241.71.189 - - [21/Nov/2019:04:40:42 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-" 162.241.71.189 - - [21/Nov/2019:04:40:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"