pauld

Found my admin area after this in my logs


Hi all,

I don't know if this is M2e, but this is what greeted me today;

I have removed my admin dir with *removed*

It appears "possible" that the hacking attempt was from "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"

Please note, I don't have Showroom or aheadmetrics or comm or amfeed

Magento Version 1.7.0.2 with all patches.

M2epro Version

(M2E Pro ver. 6.4.13)

Any thoughts or guidance appreciated!

 

Regards, Paul

 

162.241.71.189 - - [17/Nov/2019:00:21:37 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47375 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:21:40 +1100] "GET /index.php/ajax/Showroom/submit/?id=19fX0= HTTP/1.1" 404 47383 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:50:51 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-"
162.241.71.189 - - [17/Nov/2019:00:50:53 +1100] "GET /index.php/ajax/Showroom/submit/t9fX0= HTTP/1.1" 404 47606 "-" "-"
162.241.71.189 - - [17/Nov/2019:04:27:52 +1100] "GET /index.php/ajax/Showroom/submit/jt9fX0= HTTP/1.1" 404 47599 "-" "-"
162.241.71.189 - - [17/Nov/2019:04:27:54 +1100] "GET /index.php/ajax/Showroom/submit/Tjt9fX0= HTTP/1.1" 404 47607 "-" "-"
162.241.71.189 - - [18/Nov/2019:01:18:35 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47836 "-" "-"
162.241.71.189 - - [18/Nov/2019:01:18:37 +1100] "GET /index.php/aheadmetrics/auth/index/19fX0= HTTP/1.1" 404 47844 "-" "-"
162.241.71.189 - - [18/Nov/2019:03:41:47 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47352 "-" "-"
162.241.71.189 - - [18/Nov/2019:03:41:49 +1100] "GET /comm/message/crqu/?data=19fX0= HTTP/1.1" 404 47360 "-" "-"
162.241.71.189 - - [19/Nov/2019:03:48:45 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45827 "-" "-"
162.241.71.189 - - [19/Nov/2019:03:48:47 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45835 "-" "-"
162.241.71.189 - - [20/Nov/2019:05:17:41 +1100] "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:56 +1100] "POST /index.php/*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:57 +1100] "GET /index.php/*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:03:58 +1100] "POST /index.php/*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:41 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:12:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:49 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:51 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:23:52 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:07 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3AnKTs= HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:08 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:00:56:09 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:41 +1100] "POST /*removed*/cms_wysiwyg/directive/?forwarded=1&___directive=e3pOw== HTTP/1.1" 400 226 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:42 +1100] "GET /*removed* HTTP/1.1" 200 3419 "-" "-"
162.241.71.189 - - [21/Nov/2019:04:40:43 +1100] "POST /*removed* HTTP/1.1" 200 3533 "-" "-"
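
An added example, not part of the original post and not code from Magento or M2E Pro: a small triage script for access logs like the one above. Per client IP it collects 404 probes of module routes, `../` traversal attempts, 3xx responses on `adminhtml_` routes, and any later POSTs answered with 200. The sample lines are constructed; `/secretadmin` is a placeholder for the redacted admin path and the IPs are documentation addresses.

```python
import re
from collections import defaultdict

# Access-log line: client ip, timestamp, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample modelled on the log in the post (placeholder values).
SAMPLE = """\
203.0.113.5 - - [17/Nov/2019:00:21:37 +1100] "GET /index.php/ajax/Showroom/submit/?id=x HTTP/1.1" 404 47375 "-" "-"
203.0.113.5 - - [19/Nov/2019:03:48:45 +1100] "GET /index.php/amfeed/main/download/?file=../../../app/etc/local.xml HTTP/1.1" 404 45827 "-" "-"
203.0.113.5 - - [20/Nov/2019:05:17:41 +1100] "GET /index.php/M2ePro/adminhtml_support/index HTTP/1.1" 302 3419 "-" "-"
203.0.113.5 - - [21/Nov/2019:00:03:58 +1100] "POST /index.php/secretadmin HTTP/1.1" 200 3533 "-" "-"
198.51.100.7 - - [21/Nov/2019:00:05:10 +1100] "POST /index.php/checkout/cart/add HTTP/1.1" 200 812 "-" "-"
"""


def triage(log_text):
    """Return {ip: findings} for the request patterns seen in the post."""
    report = defaultdict(lambda: {
        "probes_404": set(),        # distinct routes answered with 404
        "traversal": [],            # requests containing ../ sequences
        "adminhtml_redirect": [],   # 3xx on a route naming adminhtml_
        "posts_200_after": [],      # POST/200 seen after such a redirect
    })
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        found = report[ip]
        route = path.split("?", 1)[0]
        if "../" in path or "..%2f" in path.lower():
            found["traversal"].append((ts, path))
        if status == "404":
            found["probes_404"].add(route)
        elif status.startswith("3") and "adminhtml_" in route:
            found["adminhtml_redirect"].append((ts, route))
        elif method == "POST" and status == "200" and found["adminhtml_redirect"]:
            found["posts_200_after"].append((ts, route))
    return dict(report)


if __name__ == "__main__":
    for ip, found in triage(SAMPLE).items():
        print(ip, {k: len(v) for k, v in found.items()})
```

An IP that shows all four findings, in that order, deserves a closer look at what the redirect's `Location` header exposed and at whether the later POSTs were successful logins.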
