Happy new year to you...
Pretty much all of my sites (c. 53 off) run the latest Joomla version; this last update was done within a few days of the furore around the zero-day vulnerability in mid-December 2015 (dates vary).
All of my sites run both Akeeba Backup and Admin Tools (OK, so I am a big fan still and have been using your extensions as a matter of course for the last 5 years at least).
On checking the log files there are definitely entries from the offending IPs but
IP addresses involved are as follows:
* 146.0.72.83
* 74.3.170.33
* 194.28.174.106
However, my understanding was that the MUA Shield would guard against any malicious attacks, and on the few sites that I have so far checked there are certainly trapped IPs marked down as blocked by the MUA Shield (albeit they are not those highlighted above).
My question is this: how do I tell if any of these attacks got through? (My "helpful" tech support man at Heart Internet tells me that if there is evidence of attempts in the logs then I need to assume the site is compromised!) There certainly is the evidence (see below) but not any other obvious effect.
Example log entries as follows:
* dazlious.org 202.69.240.70 - - [16/Jan/2016:12:32:56 +0000] "GET / HTTP/1.1" 200 20104 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\...
* carolcumber.com 146.0.72.83 - - [14/Dec/2015:11:55:08 +0000] "GET / HTTP/1.1" 200 4788 "-" "}__test|O:21:\"JDatabaseDriverMysqli\....
* naturalharmonycentre.co.uk 194.28.174.106 - - [14/Dec/2015:21:03:27 +0000] "GET / HTTP/1.1" 200 16651 "http://google.com/" "}__test|O:21:\"JDatabaseDriverMysqli\"....
I am also being told that the only way to overcome an affected site is to restore from a backup prior to the attack and/or completely rebuild the site. Given the fact that I place these backups into my AWS S3 account with a 10-day lifecycle on the receiving bin, most of these are no longer there! (Now reset to 30 days!!)
Sorry to be so wordy but, as ever, would really appreciate your clarity...
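For triaging entries like the ones quoted above, here is an added example (not part of the original post, and not Akeeba or Joomla code) that scans vhost-prefixed access-log lines for a serialized PHP object in the Referer or User-Agent and marks whether each hit arrived before the site was updated. The sample lines, hostname, IPs and update date are constructed, and the `updated_on` mapping is an assumption: you supply the date each site was patched.

```python
import re
from datetime import date, datetime

# Vhost-prefixed combined log format, as in the entries quoted in the post.
# The User-Agent is taken to end of line so truncated entries still parse.
LINE = re.compile(
    r'^(?P<site>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:\\.|[^"\\])*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>(?:\\.|[^"\\])*)" "(?P<ua>.*)$'
)
# A PHP serialized object, O:<len>:"ClassName", with or without escaped quotes.
SERIALIZED = re.compile(r'O:\d+:\\?"[A-Za-z_]')

# Constructed sample lines: documentation IPs and hostname, payload cut short.
SAMPLE = [
    r'shop.example.org 192.0.2.10 - - [14/Dec/2015:11:55:08 +0000] "GET / HTTP/1.1" 200 4788 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{...truncated...}"',
    r'shop.example.org 192.0.2.10 - - [16/Jan/2016:12:32:56 +0000] "GET / HTTP/1.1" 200 20104 "-" "}__test|O:21:\"JDatabaseDriverMysqli\...',
    r'shop.example.org 198.51.100.7 - - [16/Jan/2016:12:40:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def find_attempts(lines, updated_on):
    """Return one dict per line with a serialized object in Referer/User-Agent.

    updated_on maps site name -> date the update was applied (assumed known).
    A site missing from the mapping is treated as 'before update' to stay cautious.
    """
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        if not (SERIALIZED.search(m["ua"]) or SERIALIZED.search(m["ref"])):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        patched = updated_on.get(m["site"])
        hits.append({
            "site": m["site"], "ip": m["ip"], "when": when,
            "status": int(m["status"]),
            "before_update": patched is None or when.date() < patched,
        })
    return hits

if __name__ == "__main__":
    # Constructed update date for the sample site.
    for h in find_attempts(SAMPLE, {"shop.example.org": date(2015, 12, 17)}):
        print(h["site"], h["ip"], h["when"].isoformat(), h["status"],
              "BEFORE update" if h["before_update"] else "after update")
```

A 200 status on these lines only shows that the page was served, not whether the header payload was processed, so hits flagged as before the update are the ones to follow up with a file and database check.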