|
إنضمامك إلي منتديات استراحات زايد يحقق لك معرفة كل ماهو جديد في عالم الانترنت ...
انضم الينا
#1
| ||
| ||
Hi I cannot 100% pinpoint the location or the method but I had an email saying I requested to reset my password then i had another saying it was successfully changed despite not clicking it. I checked my mail history and its not been accessed since it requires mobile access to login. Now, I checked the logs for the IP and found the following; Code: root@dmca [/home/domain/access-logs]# cat forum.domain.com | grep 91.236.116.142 91.236.116.142 - - [21/Jan/201313:46 +0000] "GET / HTTP/1.1" 200 11488 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:22 +0000] "GET /register.php HTTP/1.1" 200 10000 "http://forum.domain.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:28 +0000] "GET /clientscript/vbulletin_css/style00115l/register.css?d=1358021545 HTTP/1.1" 200 338 "http://forum.domain.com/register.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:34 +0000] "GET /login.php HTTP/1.1" 303 26 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:39 +0000] "GET /index.php HTTP/1.1" 200 11494 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:45 +0000] "GET /f71/ HTTP/1.1" 200 13247 "http://forum.domain.com/index.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:50 +0000] "GET /f71/forum-rules-101410/ HTTP/1.1" 200 12843 "http://forum.domain.com/f71/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:50 +0000] "GET /f71/forum-rules-101410/images/styles/AnimatedArena/style_blue/loginButton.gif HTTP/1.1" 404 40 "http://forum.domain.com/f71/forum-rules-101410/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:50 +0000] "GET /f71/forum-rules-101410/images/styles/AnimatedArena/style_blue/footerLogo.png HTTP/1.1" 404 40 "http://forum.domain.com/f71/forum-rules-101410/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:51 +0000] "GET /f71/forum-rules-101410/images/styles/AnimatedArena/style/logo_blue.png HTTP/1.1" 404 40 "http://forum.domain.com/f71/forum-rules-101410/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201314:59 +0000] "GET /usercp.php HTTP/1.1" 200 6749 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201315:07 +0000] "POST /login.php?do=login HTTP/1.1" 200 6594 "http://forum.domain.com/usercp.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201315:12 +0000] "GET /login.php?do=lostpw HTTP/1.1" 200 6619 "http://forum.domain.com/login.php?do=login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201330:02 +0000] "GET /usercp.php HTTP/1.1" 200 6782 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201330:04 +0000] "GET /cron.php?rand=1358789402 HTTP/1.1" 200 43 "http://forum.domain.com/usercp.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201330:37 +0000] "POST /login.php?do=login HTTP/1.1" 200 2365 "http://forum.domain.com/usercp.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201330:41 +0000] "GET /usercp.php HTTP/1.1" 200 6868 "http://forum.domain.com/login.php?do=login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201331:01 +0000] "GET / HTTP/1.1" 200 6398 "http://forum.domain.com/usercp.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201332:39 +0000] "GET / HTTP/1.1" 200 11489 "http://forum.domain.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201332:49 +0000] "GET /usercp.php HTTP/1.1" 200 6749 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201333:06 +0000] "POST /login.php?do=login HTTP/1.1" 200 6244 "http://forum.domain.com/usercp.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201333:14 +0000] "GET / HTTP/1.1" 200 11488 "http://forum.domain.com/login.php?do=login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201333:08 +0000] "GET /login.php?do=lostpw HTTP/1.1" 200 6618 "http://forum.domain.com/login.php?do=login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201334:17 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 666 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" 91.236.116.142 - - [21/Jan/201334:17 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 623 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" 91.236.116.142 - - [21/Jan/201334:24 +0000] "POST /login.php?do=emailpassword HTTP/1.1" 200 2403 "http://forum.domain.com/login.php?do=lostpw" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201334:27 +0000] "GET /login.php?do=login HTTP/1.1" 303 26 "http://forum.domain.com/login.php?do=emailpassword" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201334:27 +0000] "GET /index.php HTTP/1.1" 200 11494 "http://forum.domain.com/login.php?do=emailpassword" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201336:13 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 665 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" 91.236.116.142 - - [21/Jan/201336:13 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 659 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" 91.236.116.142 - - [21/Jan/201336:18 +0000] "GET /login.php?do=resetpassword&u=1&i=8e3849c72ee420c42 6fea00f50947f226aabf1f6 HTTP/1.1" 200 6381 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4" 91.236.116.142 - - [21/Jan/201336:46 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 667 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" 91.236.116.142 - - [21/Jan/201336:46 +0000] "GET /arcade.php?do=pnFStoreScore HTTP/1.1" 200 648 "http://forum.domain.com/arcade.php?do=pnFStoreScore" "Mozilla/5.0" What I find interesting is the browser identity string. Most are normal but some contain no valid header so it appears to be some sort of script coming from arcade.php? But no injection code is actually being displayed. What do you suggest? Regards. __DEFINE_LIKE_SHARE__ |
مواقع النشر (المفضلة) |
| |
المواضيع المتشابهه | ||||
الموضوع | كاتب الموضوع | المنتدى | مشاركات | آخر مشاركة |
Forum admincp password protection issue | محروم.كوم | منتدى أخبار المواقع والمنتديات العربية والأجنبية | 0 | 01-09-2013 12:10 AM |
Forum resetting the PM Count | محروم.كوم | منتدى أخبار المواقع والمنتديات العربية والأجنبية | 0 | 09-24-2010 08:11 PM |
Forum Resetting User Count | محروم.كوم | منتدى أخبار المواقع والمنتديات العربية والأجنبية | 0 | 09-15-2010 11:49 AM |
Forum Login issue password is shown | محروم.كوم | منتدى أخبار المواقع والمنتديات العربية والأجنبية | 0 | 07-21-2010 12:00 PM |
Forum Password issue | محروم.كوم | منتدى أخبار المواقع والمنتديات العربية والأجنبية | 0 | 04-13-2009 03:20 AM |