nedd's Content

There have been 2 items by nedd (Search limited from 08-Dec 18)


#184602 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by nedd on 29 May 2014 - 11:02 PM in Security

Here is my report:

I didn't find any of the mentioned files (js/thumbs.php and images/test.gif) after the first warning from May 26, deleted Atos and HSBC files and folders per instruction, as of today can't locate any suspicious changes in other files and folders and site behavior, BUT access and error logs show suspicious activity from May 23.

Please check and advise. Thx

***********


ACCESS LOG:

173.236.23.161 - - [23/May/2014:19:23:07 +0300] "GET /xxx.php?version HTTP/1.1" 200 42 "-" "Mozilla/5.2 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/27.0.568.596 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:08 +0300] "GET /xxx.php?version HTTP/1.1" 200 42 "-" "Mozilla/4.2 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/12.6.610.1115 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:08 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/6.9 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/39.0.572.1039 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:10 +0300] "GET /index.php?dispatch=checkout.checkout HTTP/1.1" 302 0 "-" "Mozilla/6.9 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/39.0.572.1039 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:10 +0300] "GET /index.php?dispatch=checkout.cart HTTP/1.1" 200 26570 "-" "Mozilla/6.9 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/39.0.572.1039 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:11 +0300] "GET /images/test.gif HTTP/1.1" 404 389 "-" "Mozilla/8.1 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/27.7.215.107 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:12 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/3.4 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/30.6.295.1202 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:13 +0300] "GET /index.php?dispatch=checkout.checkout HTTP/1.1" 302 0 "-" "Mozilla/3.4 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/30.6.295.1202 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:13 +0300] "GET /index.php?dispatch=checkout.cart HTTP/1.1" 200 26572 "-" "Mozilla/3.4 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/30.6.295.1202 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:23:14 +0300] "GET /images/test.gif HTTP/1.1" 404 389 "-" "Mozilla/1.9 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/38.6.681.1113 Safari/537.11"


173.236.23.161 - - [23/May/2014:19:54:09 +0300] "GET /xxx.php?version HTTP/1.1" 200 42 "-" "Mozilla/7.9 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/21.3.231.1244 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:10 +0300] "GET /xxx.php?version HTTP/1.1" 200 42 "-" "Mozilla/3.7 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/21.7.33.834 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:10 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/5.5 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/26.2.351.1273 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:11 +0300] "GET /index.php?dispatch=checkout.checkout HTTP/1.1" 302 0 "-" "Mozilla/5.5 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/26.2.351.1273 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:12 +0300] "GET /index.php?dispatch=checkout.cart HTTP/1.1" 200 26569 "-" "Mozilla/5.5 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/26.2.351.1273 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:13 +0300] "GET /images/test.gif HTTP/1.1" 404 389 "-" "Mozilla/6.1 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/20.7.57.1142 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:13 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/8.2 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/15.6.386.777 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:14 +0300] "GET /index.php?dispatch=checkout.checkout HTTP/1.1" 302 0 "-" "Mozilla/8.2 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/15.6.386.777 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:15 +0300] "GET /index.php?dispatch=checkout.cart HTTP/1.1" 200 26569 "-" "Mozilla/8.2 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/15.6.386.777 Safari/537.11"
173.236.23.161 - - [23/May/2014:19:54:16 +0300] "GET /images/test.gif HTTP/1.1" 404 389 "-" "Mozilla/1.3 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/24.4.467.1197 Safari/537.11"

ERROR LOG:

[23-May-2014 18:23:09 Europe/Berlin] PHP Warning: exec() has been disabled for security reasons in /home/xxx/public_html/payments/atos.php on line 218
[23-May-2014 18:23:09 Europe/Berlin] PHP Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/core/fn.cart.php on line 1314
[23-May-2014 18:23:09 Europe/Berlin] PHP Warning: substr_count() [<a href='function.substr-count'>function.substr-count</a>]: Empty substring in /home/xxx/public_html/core/fn.cart.php on line 3016
[23-May-2014 18:23:12 Europe/Berlin] PHP Warning: exec() has been disabled for security reasons in /home/xxx/public_html/payments/atos.php on line 218
[23-May-2014 18:23:12 Europe/Berlin] PHP Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/core/fn.cart.php on line 1314
[23-May-2014 18:23:12 Europe/Berlin] PHP Warning: substr_count() [<a href='function.substr-count'>function.substr-count</a>]: Empty substring in /home/xxx/public_html/core/fn.cart.php on line 3016
[23-May-2014 18:54:10 Europe/Berlin] PHP Warning: exec() has been disabled for security reasons in /home/xxx/public_html/payments/atos.php on line 218
[23-May-2014 18:54:10 Europe/Berlin] PHP Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/core/fn.cart.php on line 1314
[23-May-2014 18:54:10 Europe/Berlin] PHP Warning: substr_count() [<a href='function.substr-count'>function.substr-count</a>]: Empty substring in /home/xxx/public_html/core/fn.cart.php on line 3016
[23-May-2014 18:54:14 Europe/Berlin] PHP Warning: exec() has been disabled for security reasons in /home/xxx/public_html/payments/atos.php on line 218
[23-May-2014 18:54:14 Europe/Berlin] PHP Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/core/fn.cart.php on line 1314
[23-May-2014 18:54:14 Europe/Berlin] PHP Warning: substr_count() [<a href='function.substr-count'>function.substr-count</a>]: Empty substring in /home/xxx/public_html/core/fn.cart.php on line 3016
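
The two logs above use different time zones (+0300 in the access log, Europe/Berlin in the error log), so matching entries look an hour apart until both are converted to UTC. The following is an added example, not part of nedd's post or of CS-Cart: it pairs each POST to the atos payment notification with `exec()` warnings from `payments/atos.php` logged within a few seconds. The log lines and IP addresses are constructed, the function names are hypothetical, and it assumes a fixed UTC+2 offset for Europe/Berlin (summer time) and a 5-second window.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the same formats as the logs in the post above.
ACCESS_LOG = """\
203.0.113.5 - - [23/May/2014:19:23:08 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/6.9 (Windows NT 5.1)"
203.0.113.5 - - [23/May/2014:19:23:11 +0300] "GET /images/test.gif HTTP/1.1" 404 389 "-" "Mozilla/8.1 (Windows NT 5.1)"
198.51.100.7 - - [23/May/2014:21:00:00 +0300] "POST /index.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
ERROR_LOG = """\
[23-May-2014 18:23:09 Europe/Berlin] PHP Warning: exec() has been disabled for security reasons in /home/xxx/public_html/payments/atos.php on line 218
[23-May-2014 18:23:09 Europe/Berlin] PHP Warning: Invalid argument supplied for foreach() in /home/xxx/public_html/core/fn.cart.php on line 1314
"""
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ERROR_RE = re.compile(r'^\[(\S+ \S+) (\S+)\] PHP Warning: +(.*)$')
# Assumption: fixed summer-time offset for the zone named in the error log (CEST = UTC+2).
ZONE_OFFSET_HOURS = {"Europe/Berlin": 2}

def atos_posts(text):
    """Yield (utc_time, ip) for POSTs to the atos payment notification dispatch."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3) == "POST" and "payment=atos" in m.group(4):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts.astimezone(timezone.utc), m.group(1)

def exec_warnings(text):
    """Yield utc_time for each 'exec() has been disabled' warning raised in atos.php."""
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m and m.group(3).startswith("exec() has been disabled") and "payments/atos.php" in m.group(3):
            tz = timezone(timedelta(hours=ZONE_OFFSET_HOURS[m.group(2)]))
            local = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S").replace(tzinfo=tz)
            yield local.astimezone(timezone.utc)

def correlate(access_text, error_text, window_s=5):
    """Pair each atos POST with exec() warnings logged within window_s seconds of it."""
    warnings = list(exec_warnings(error_text))
    hits = []
    for when, ip in atos_posts(access_text):
        near = [w for w in warnings if abs((w - when).total_seconds()) <= window_s]
        if near:
            hits.append((ip, when.isoformat(), len(near)))
    return hits

if __name__ == "__main__":
    for hit in correlate(ACCESS_LOG, ERROR_LOG):
        print(hit)
```

For logs spanning a daylight-saving change, replace the fixed offset table with a real time zone database lookup.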



#175547 Your License Has Expired. Renew Now To Avoid The Program Being Suspended.

Posted by nedd on 20 January 2014 - 01:29 PM in General Questions

As of today, the same message pops up.

2.2.5