Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? yes
Have I read the documentation before posting (which pages?)? yes
Joomla! version: 2.5.14
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: 2.5.6
Description of my issue:
Just uploaded my live site a week ago, having configured most of Akeeba ATP settings as instructed.
Got an interesting Breach Report:
Blocking reason: dfishield
-------------------------------------------------------------------------------
Date/time : 2013-08-16 09:50:26 GMT
URL : http://MYSITE.com/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form
User : Guest
IP : 79.143.176.250
Country : (unknown country)
Continent : (unknown continent)
UA : libwww-perl/6.04
Hash : post
Variables :
Array
(
    [upload-dir] => ../../
    [Filedata] =>
    [upload-overwrite] => 0
    [upload-name] =>
    [action] => upload
)
I do not have any JCE component installed AFAIK, except for the TinyMCE.
Steps taken:
I've now blocked the IP above in the blacklist
Project Honeypot is down so I can't check with it.
Just enabled logs after the attempt, so nothing to see there.
Done a diff of all files, nothing I can see that stands out
I did a database diff and found that there are about 2-3 dozen new redirects (_redirect_links) from my old Joomla site domain, but they don't point anywhere.
Have I been hacked or is any of the above a coincidence?
Many thanks
Nvir