21
cucoket
Re: myxoops.org hacked!
  • 2005/9/7 8:14

  • cucoket

  • Just popping in

  • Posts: 23

  • Since: 2004/7/7 5


Sorry for the late response!

I copied here the log:

2005-09-01 09:11:46 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /xoops.css 200 0 1158 420 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:46 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /favicon.ico 200 0 1678 392 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba -
2005-09-01 09:11:46 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/style.css 200 0 492 439 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:47 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /index.php 200 0 19575 409 1484 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 - -
2005-09-01 09:11:47 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /include/xoops.js 200 0 118 412 235 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:48 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/page_flip_l.gif 200 0 642 453 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:48 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/title.gif 200 0 739 447 453 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:49 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /images/road.gif 200 0 1361 427 453 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:49 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /images/house.gif 200 0 899 428 1031 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:49 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/page_flip_r.gif 200 0 639 453 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:49 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/cellpic_bkg.jpg 200 0 922 453 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:49 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/count/index.php id=count&s=1 200 0 722 432 203 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:50 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/cellpic_nav.gif 200 0 1214 453 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:50 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/cellpic3.gif 200 0 652 450 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:50 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /themes/blue_lagoon/images/cellpic1.gif 200 0 503 450 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:11:50 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/count/count.swf cgi=cgi=http://www.ria1.org/modules/count/index.php&total=1816&yes=6&today=7&you=1&load=end& 200 0 1531 634 219 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 countyet=1;+countcount=2;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:12:05 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb 301 0 405 566 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1123591941;+newbb_topics_viewed=4%7C18726533;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/index.php 200 0 11771 567 454 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1123591941;+newbb_topics_viewed=4%7C18726533;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/folder_new_big.gif 200 0 273 557 15 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /images/subject/icon1.gif 200 0 425 450 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/pixel.gif 200 0 326 548 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/folder_big.gif 200 0 284 553 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:06 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/folder_locked_big.gif 200 0 212 560 15 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/viewforum.php forum=1 400 1229 8351 633 704 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/viewforum.php forum=1 200 109 11309 633 1015 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583925;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/post.gif 200 0 665 568 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/folder.gif 200 0 1178 570 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/red_folder.gif 200 0 1183 574 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:14 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /images/icons/no_posticon.gif 200 0 497 475 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:15 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/hot_folder.gif 200 0 897 574 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:15 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/hot_red_folder.gif 200 0 920 578 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:15 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/lock.gif 200 0 1132 568 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:15 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/folder_sticky.gif 200 0 1783 577 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:21 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/viewtopic.php topic_id=2&forum=1 200 0 13087 665 484 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583933;+newbb_topics_viewed=4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewforum.php?forum=1
2005-09-01 09:12:21 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /uploads/rank3e632f95e81ca.gif 200 0 632 487 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1
2005-09-01 09:12:22 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /images/icons/reply.gif 200 0 1052 480 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1
2005-09-01 09:12:22 219.195.90.2 W3SVC449 WIN10 64.8.123.45 80 GET /uploads/blank.gif 200 0 325 475 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1
2005-09-01 09:13:43 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 POST /user.php 200 0 1139 731 157 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1
2005-09-01 09:14:01 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/viewtopic.php topic_id=2&forum=1200 109 12426 616 2922 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125583941;+newbb_topics_viewed=2%7C18759733%2C4%7C18726533;+NewBBLastVisitTemp=1123591941;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba -
2005-09-01 09:14:14 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/move_topic.gif 200 0 715 571 15 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125584038;+newbb_topics_viewed=2%7C18759734%2C4%7C18726533;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1&
2005-09-01 09:14:14 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /images/icons/delete.gif 200 0 1052 483 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1&
2005-09-01 09:14:18 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /images/icons/edit.gif 200 0 1044 481 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1&
2005-09-01 09:14:19 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /admin.php 200 0 2405 549 125 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/newbb/viewtopic.php?topic_id=2&forum=1&
2005-09-01 09:14:26 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/style.css 200 0 1986 445 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:32 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /include/layersmenu.js 200 0 260 427 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:43 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/hbar_right.gif 200 0 645 458 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:43 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/xoops2.gif 200 0 979 454 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:43 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/hbar_left.gif 200 0 639 457 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:47 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/system_slogo.png 200 0 494 460 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:48 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/logo.gif 200 0 1687 452 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:50 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/mylinks/images/mylinks_slogo.png 200 0 469 462 16 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:51 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/xoopspoll/images/xoopspoll_slogo.png 200 0 433 466 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:54 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/myalbum/images/myalbum_slogo.gif 200 0 625 462 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:55 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/protector/images/protector_slogo.gif 200 0 686 466 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:57 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/newbb/images/xoopsbb_slogo.png 200 0 732 536 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 NewBBLastVisit=1125584038;+newbb_topics_viewed=2%7C18759734%2C4%7C18726533;+PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:57 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/menu.gif 200 0 406 452 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:57 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/mydownloads/images/mydl_slogo.png 200 0 332 463 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:59 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/news/images/news_slogo.png 200 0 813 456 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:14:59 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/addresses/images/addresses_slogo.png 200 0 567 466 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:01 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/xoopspartners/images/logo.png 200 0 498 459 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:01 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/xoopsheadline/images/headline_slogo.png 200 0 1 469 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:04 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/sections/images/sections_slogo.png 200 0 213 464 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:04 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/agendax/agendax_slogo.png 200 0 814 455 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:05 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /images/pointer.gif 200 0 564 440 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:06 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/hbar_middle.gif 200 0 508 459 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:10 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/admin.php fct=groups 200 0 4076 537 312 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:13 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/bg_menu.gif 200 0 393 455 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:14 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/bg_content.gif 200 0 550 458 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/admin.php
2005-09-01 09:15:23 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/bg_content.gif 200 0 550 484 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/system/admin.php?fct=groups
2005-09-01 09:15:24 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/images/menu.gif 200 0 406 478 0 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/system/admin.php?fct=groups
2005-09-01 09:15:39 217.133.0.152 W3SVC449 WIN10 64.8.123.45 80 GET /modules/system/admin.php fct=groups&op=modify&g_id=1 200 0 4735 580 468 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+ja-JP;+rv:1.7.10)+Gecko/20050717+Firefox/1.0.6 PHPSESSID=9587487bc5681893fbf5fd50cf5b68ba http://www.ria1.org/modules/system/admin.php?fct=groups


He changed his IP at 09:13:43 and logged in only once and gained the admin right!

I cannot find anything else.

Who has experience pls take a look!

Thanks

22
jaquita
Re: myxoops.org hacked!
  • 2005/9/7 14:29

  • jaquita

  • Just popping in

  • Posts: 22

  • Since: 2005/9/4 1


At a first glance at the logs it appears the intruder was using newBB just before, during, and immediately after gaining access. Also, the PHPSESSIONID is exactly the same throughout that log sequence although it comes from two different IPs. I didn't know that was possible.

It also looks like "/modules/newbb/viewtopic.php topic_id=2&forum=1" was important during the core sequence up to gaining admin access. After that, it's not used anymore.

Those are just observations of the log. Exactly what it means within the XOOPS framework I don't know.

Good luck.

jaquita

23
Antoine
Re: myxoops.org hacked!
  • 2005/9/7 14:47

  • Antoine

  • Friend of XOOPS

  • Posts: 112

  • Since: 2004/11/14


It probably isn't possible to look up the user-types by session-id anymore (e.g. did the user visiting the boards have admin rights), but as far as I can see the IP change might signify an XSS attack. All the more reason to at least never allow admins to change IP during a session.
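An added example, not part of the original posts: a small Python check for the pattern observed above, one PHPSESSID cookie value arriving from a second client IP, followed by requests to admin pages. The sample lines are constructed in the same field layout as the posted log (documentation IP ranges, made-up session IDs), and the function names are hypothetical.

```python
from collections import namedtuple

Request = namedtuple("Request", "ts client_ip method stem query status cookie")

# Constructed sample in the layout of the log posted above (not the real log).
SAMPLE_LOG = """\
2005-09-01 09:12:21 192.0.2.10 W3SVC1 WEB1 203.0.113.5 80 GET /modules/newbb/viewtopic.php topic_id=2&forum=1 200 0 13087 665 484 HTTP/1.1 TestUA/1.0 NewBBLastVisit=1;+PHPSESSID=aaaa1111 -
2005-09-01 09:12:22 192.0.2.10 W3SVC1 WEB1 203.0.113.5 80 GET /images/icons/reply.gif 200 0 1052 480 0 HTTP/1.1 TestUA/1.0 PHPSESSID=aaaa1111 -
2005-09-01 09:13:43 198.51.100.7 W3SVC1 WEB1 203.0.113.5 80 POST /user.php 200 0 1139 731 157 HTTP/1.1 TestUA/1.0 PHPSESSID=aaaa1111 -
2005-09-01 09:14:19 198.51.100.7 W3SVC1 WEB1 203.0.113.5 80 GET /admin.php 200 0 2405 549 125 HTTP/1.1 TestUA/1.0 PHPSESSID=aaaa1111 -
2005-09-01 09:15:10 198.51.100.7 W3SVC1 WEB1 203.0.113.5 80 GET /modules/system/admin.php fct=groups 200 0 4076 537 312 HTTP/1.1 TestUA/1.0 PHPSESSID=aaaa1111 -
2005-09-01 09:16:00 192.0.2.44 W3SVC1 WEB1 203.0.113.5 80 GET /index.php 200 0 19575 409 1484 HTTP/1.1 TestUA/1.0 PHPSESSID=bbbb2222 -
2005-09-01 09:16:05 192.0.2.44 W3SVC1 WEB1 203.0.113.5 80 GET /index.php 200 0 19575 409 1484 HTTP/1.1 TestUA/1.0 - -
"""


def parse_line(line):
    """Parse one line; return None if it does not match the layout.

    In the posted log the query-string field is simply absent when empty,
    so the line is read from both ends instead of by fixed position.
    """
    tok = line.split()
    if len(tok) < 18 or not tok[-4].startswith("HTTP/"):
        return None
    return Request(
        ts=f"{tok[0]} {tok[1]}",
        client_ip=tok[2],
        method=tok[7],
        stem=tok[8],
        query=" ".join(tok[9:-9]),   # empty when the field is absent
        status=tok[-9],
        cookie=tok[-2],
    )


def session_id(cookie, name="PHPSESSID"):
    """Extract one cookie value; IIS logs write '; ' as ';+'."""
    for part in cookie.split(";"):
        key, _, value = part.strip("+ ").partition("=")
        if key == name:
            return value
    return None


def find_session_ip_changes(lines):
    """Report sessions seen from an IP other than the one first observed."""
    first_ip = {}   # session id -> client IP of its first request
    findings = {}   # (session id, new IP) -> finding
    for line in lines:
        req = parse_line(line)
        sid = session_id(req.cookie) if req else None
        if sid is None:
            continue
        origin = first_ip.setdefault(sid, req.client_ip)
        if req.client_ip == origin:
            continue
        finding = findings.setdefault((sid, req.client_ip), {
            "session": sid,
            "first_ip": origin,
            "new_ip": req.client_ip,
            "first_seen": req.ts,
            "admin_requests": [],
        })
        if req.stem.endswith("admin.php"):
            finding["admin_requests"].append((req.ts, req.stem, req.query))
    return list(findings.values())


if __name__ == "__main__":
    for f in find_session_ip_changes(SAMPLE_LOG.splitlines()):
        print(f)
```

A client IP can change for ordinary reasons (proxies, dial-up reconnects), so a hit is a lead to investigate; the admin requests that follow it are what raise the priority.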

24
LazyBadger
Re: myxoops.org hacked!

My dirty thinking
I see only one POST (with GETs you can't get privilege escalation), thus - I suppose, some XSS-exploit was embedded into user's profile (obviously - into signature or avatar) and forum topic with this user's posting (done before) was used for activating exploit
Quis custodiet ipsos custodes?

Webmaster of
XOOPS2.RU
XOOPS Modules Proving Ground
XOOPS Themes Exhibition

25
jaquita
Re: myxoops.org hacked!
  • 2005/9/7 15:06

  • jaquita

  • Just popping in

  • Posts: 22

  • Since: 2005/9/4 1


I noticed that single POST as well and was wondering about it. I'm not very familiar with the XOOPS code (yet) but is it possible to post php code, or any executable code for that matter, into a forum message that could then be executed when the message is loaded through a direct call?

Just wondering.

jaquita

26
Antoine
Re: myxoops.org hacked!
  • 2005/9/7 15:12

  • Antoine

  • Friend of XOOPS

  • Posts: 112

  • Since: 2004/11/14


Theoretically: Yes. Would have to check the sanitation of all variables involved to be sure. Don't think anything as obvious as the main message body can be used to XSS though.

27
comflash2
Re: myxoops.org hacked!
  • 2005/9/7 15:16

  • comflash2

  • Just popping in

  • Posts: 51

  • Since: 2005/1/1 1


Sorry to say.. No wonder you were hacked. Your newbb is vulnerable to the cross site scripting (and SQL injection ??) that can allow a user to steal cookie-based authentication credentials. It's very easy to exploit.. no need for REAL HACKERS to do that. It's in newbb/viewtopic.php, for the "topic-id" and "forum" URI parameters.
Act Like Lightning FLASH

28
frankblack
Re: myxoops.org hacked!
  • 2005/9/7 15:36

  • frankblack

  • Just can't stay away

  • Posts: 830

  • Since: 2005/6/13


So I have to switch the forum (from newbb 2.02) to a safer version. BUT does cbb1.14 have the same vulnerabilities?

29
skara
Re: myxoops.org hacked!
  • 2005/9/7 16:46

  • skara

  • Friend of XOOPS

  • Posts: 84

  • Since: 2004/9/24


?? did you have Protector module installed ??
the art of war is to know the weakness of your enemy

30
phppp
Re: myxoops.org hacked!
  • 2005/9/7 17:32

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


Quote:

frankblack wrote:
So I have to switch the forum (from newbb 2.02) to a safer version. BUT does cbb1.14 have the same vulnerabilities?


Neither Newbb 2.* nor CBB 1.*/2.* has the vulnerability.
The topic_id related security bug was fixed in XOOPS 2.073 (or 2.09?)
