Security Log Error – dvmessages.php, Joomla hack probe recon


  • #4178
    Paul D.
    Participant

    Greetings!

    Our test website is getting a lot of 403 Security error messages coming from a folder path in the plugins directory (system) that does not exist when I checked the plugins directory in cPanel. Also, the remote address and hostname vary for the error logs generated. Any idea why this is so? Thanks. (See error log below.)

    >>>>>>>>>>> 403 GET or Other Request Error Logged - April 11, 2013 - 10:12 am <<<<<<<<<<<
    REMOTE_ADDR: ipaddresshere
    Host Name: hostnamehere
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /plugins/system/dvmessages.php?c_id=ZWNobygicnQ3NDM5ODEyIik7
    QUERY_STRING:
    HTTP_USER_AGENT:
    #4193
    AITpro Admin
    Keymaster

    This is some sort of hacker recon/probe. Yep, I was starting to wonder about the extremely high number of logged events I have been seeing recently in both security logs and PHP error logs. Apparently a massive, well-organized, worldwide Brute Force password attack is going on against WordPress sites.

    http://forum.ait-pro.com/forums/topic/global-brute-force-attack-on-wordpress-sites/

     

    #4204
    AITpro Admin
    Keymaster

    Also, this is a Joomla hacking probe/recon. dvmessages.php is a Joomla file.

    The reason this Joomla hacking probe/recon generates a 403 error is that the Plugin Firewall completely protects your plugins folder. Since the request was made to the /plugins folder, it is automatically blocked/Forbidden.
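
Added example (not part of the original thread and not BulletProof Security code): a short Python triage script that parses a log entry in the format posted above and base64-decodes query-string values, so the content a blocked probe carried can be read during log review. The function names, the `CODE_MARKERS` list and the abridged sample entry are assumptions made for this example.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the entry from the first post, abridged, placeholders as posted.
SAMPLE_ENTRY = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - April 11, 2013 - 10:12 am <<<<<<<<<<<
REMOTE_ADDR: ipaddresshere
Host Name: hostnamehere
REQUEST_URI: /plugins/system/dvmessages.php?c_id=ZWNobygicnQ3NDM5ODEyIik7
"""

# Assumption for this example: substrings that suggest decoded text is PHP code.
CODE_MARKERS = ("echo", "eval", "system", "base64_decode", "<?php")
B64_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def parse_entry(text):
    """Turn the 'Field: value' lines of one log entry into a dict."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(">") or ":" not in line:
            continue  # banner line or blank line
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def decode_b64(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    if not B64_RE.fullmatch(value) or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None
    return text if text.isprintable() else None

def triage(entry_text):
    """List (path, param, decoded, looks_like_code) for each decodable parameter."""
    uri = urlsplit(parse_entry(entry_text).get("REQUEST_URI", ""))
    findings = []
    for name, value in parse_qsl(uri.query, keep_blank_values=True):
        decoded = decode_b64(value.replace(" ", "+"))  # parse_qsl turns '+' into ' '
        if decoded is not None:
            hit = any(m in decoded.lower() for m in CODE_MARKERS)
            findings.append((uri.path, name, decoded, hit))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_ENTRY))
```

For the entry posted above, `c_id` decodes to `echo("rt7439812");`, a request that only asks the target script to print a marker string.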
