Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
By litnrod on
Just curious if anyone else has
page not found
logs showing up and they are linked to something like
.com/Philadelphia-Eagles-Reggie-White-Mitchell-Ness-Midnight-Green-Replica-Retired-Player-Jersey.aspx
?
A google search of the last keywords returned random sites. Am I suffering from paranoia? or is there something I don't know about?
Comments
=-=
page not founds can be common if, for example, paths are changing. Does the path to the page not found look familiar?
random paths in the logs are common to all sites. bots & humans testing some kind of exploit, an incorrect url used in a browser .. etc.
Thanks for the reply, sorry
Thanks for the reply, sorry it took so long to respond...life ... The paths do not look familiar, but, looking into the other sites, your suggestion of "testing for exploits" seems logical.
It appears to be a never ending cycle coming in spurts
An update on this, apparently
An update on this, apparently one of the 3 sites on the server (all running drupal) was hacked. I located a file in the upper directory called hit.php as well as several other files random placed. What tipped it was one of the other sites was getting not connecting to db error. It took a minute but I found 2 little lines in the htaccess file. I removed them and the site was back. That started my full on investigation.
The hit.php file has a domain listed right in the top
$Foxgo->domain="www.bragmybag.com";
right after this is the line
$Foxgo->linker=2; //这行要是链接的行书内容,2就表示读取linker.txt的第二行内容
it translates to
I've recently updated core and all modules, and I Believe I got all the suspicious files. My log shows up with the occasional jersey.aspx, but, is loading up with