Just curious if anyone else has

page not found

logs showing up and they are linked to something like

.com/Philadelphia-Eagles-Reggie-White-Mitchell-Ness-Midnight-Green-Replica-Retired-Player-Jersey.aspx

?

A google search of the last keywords returned random sites. Am I suffering from paranoia? or is there something I don't know about?

Comments

VM’s picture

page not founds can be common if, for example, paths are changing. Does the path to the page not found look familiar?

random paths in the logs are common to all sites. bots & humans testing some kind of exploit, an incorrect url used in a browser .. etc.

litnrod’s picture

Thanks for the reply, sorry it took so long to respond...life ... The paths do not look familiar, but, looking into the other sites, your suggestion of "testing for exploits" seems logical.

It appears to be a never ending cycle coming in spurts

litnrod’s picture

An update on this, apparently one of the 3 sites on the server (all running drupal) was hacked. I located a file in the upper directory called hit.php as well as several other files random placed. What tipped it was one of the other sites was getting not connecting to db error. It took a minute but I found 2 little lines in the htaccess file. I removed them and the site was back. That started my full on investigation.

The hit.php file has a domain listed right in the top
$Foxgo->domain="www.bragmybag.com";
right after this is the line
$Foxgo->linker=2; //这行要是链接的行书内容,2就表示读取linker.txt的第二行内容
it translates to

if this line of fame content links, 2 says that the second line reads linker.txt content

I've recently updated core and all modules, and I Believe I got all the suspicious files. My log shows up with the occasional jersey.aspx, but, is loading up with

page not found hit.php/../../