[support] Security problem ?

Benoit Chabrier chab at chab.info
Sun Mar 20 13:02:23 UTC 2011


Hi,

As I'm new to Drupal, I used Drupal Gardens at first, and now I've
imported my website directly to my server.

The problem I have is that for the second time in 2 weeks my copyright image
at the bottom of my website is "hacked"...
You can see it here: www.chab.info

Nothing else changed. Last week when it happened I changed my Drupal admin
and MySQL password and I added restrictive rules to my firewall (iptables);
however, it happened again!

Now Drupal wants to look for the copyright image on a Chinese server:
http://58.218.204.110/sites/default/files/styles/large/public/copyright_0.png

instead of
http://www.chab.info/sites/default/files/styles/large/public/copyright_0.png

To correct it last time, I just edited the copyright block and validated it
again with no change, and that corrected the path.

I already have fail2ban and a good security level for Apache (in my
opinion), so I don't know what to do now.
Thanks in advance for any ideas or comments.

It seems (see logs below) that this Chinese server wants to see if I have a
proxy running (I don't). But why and HOW did it change my website content?

Here are the Apache logs (errors):
58.218.204.110 - - [13/Mar/2011:15:49:51 +0100] "GET http://98.126.15.13/proxyheader.php HTTP/1.1" 404 25195 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [14/Mar/2011:12:30:38 +0100] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [14/Mar/2011:16:37:02 +0100] "GET http://www.mtajp.com/proxyheader.php HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [14/Mar/2011:20:45:36 +0100] "GET http://98.126.64.106/judge123.php HTTP/1.1" 404 25204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [15/Mar/2011:00:52:37 +0100] "GET http://www.cjpjp.com/proxyheader.php HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [15/Mar/2011:04:59:41 +0100] "GET http://www.cjpjp.com/proxyheader.php HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [15/Mar/2011:13:18:18 +0100] "GET http://www.foodnese.com/indux.php HTTP/1.1" 404 25285 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [15/Mar/2011:17:24:56 +0100] "GET http://www.mtajp.com/proxyheader.php HTTP/1.1" 404 25218 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [16/Mar/2011:05:51:12 +0100] "GET http://58.218.199.147:7182/judge.php HTTP/1.1" 404 25225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [17/Mar/2011:02:32:28 +0100] "GET http://58.218.204.110:7182/judge.php HTTP/1.1" 404 25225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [17/Mar/2011:23:11:37 +0100] "GET http://ppcfinder.net/judge.php HTTP/1.1" 404 25188 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [18/Mar/2011:15:45:51 +0100] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 25218 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [19/Mar/2011:04:11:31 +0100] "GET http://www.shopsline.com/proxyheader.php HTTP/1.1" 404 25346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [19/Mar/2011:12:26:38 +0100] "GET http://58.218.204.110:7182/judge.php HTTP/1.1" 404 25226 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
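
Added example, not part of the original post: one way to pull requests like the ones above out of an Apache access log, by flagging request lines whose target names a host the server does not serve and recording whether the server answered them with a non-error status. The function names, the OWN_HOSTS set and the two 192.0.2.10 log lines are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server legitimately answers for (taken from the post).
OWN_HOSTS = {"chab.info", "www.chab.info"}

# Apache "combined" format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample: two entries from the post plus two constructed normal requests.
SAMPLE_LOG = """\
58.218.204.110 - - [13/Mar/2011:15:49:51 +0100] "GET http://98.126.15.13/proxyheader.php HTTP/1.1" 404 25195 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [16/Mar/2011:05:51:12 +0100] "GET http://58.218.199.147:7182/judge.php HTTP/1.1" 404 25225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [17/Mar/2011:23:12:02 +0100] "GET /sites/default/files/styles/large/public/copyright_0.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [17/Mar/2011:23:12:05 +0100] "GET http://www.chab.info/ HTTP/1.1" 200 25100 "-" "Mozilla/5.0"
"""


def find_proxy_probes(log_text, own_hosts=OWN_HOSTS):
    """Return requests whose target names a host this server does not serve."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        method, target = m["method"], m["target"]
        if method == "CONNECT":                      # authority-form: host:port
            host = target.rsplit(":", 1)[0]
        elif target.lower().startswith(("http://", "https://")):
            host = urlsplit(target).hostname or ""   # absolute-form request
        else:
            continue                                 # origin-form: normal request
        if host.lower() in own_hosts:
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "time": m["ts"], "host": host.lower(),
                     "status": status, "answered": 200 <= status < 400})
    return hits


def probes_per_client(hits):
    """Count flagged requests per client address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    print(probes_per_client(find_proxy_probes(SAMPLE_LOG)))
```

An entry with "answered" set to True is the one to look at first, since it means the server returned a non-error response for a host it does not own.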