How to deal with such a hacking attempt?

S

Stalker_darkway2015-12-23 06:06:29

PHP

Stalker_darkway, 2015-12-23 06:06:29

Hello. In the event log, I found an attempt to inject PHP code through requests.
And there are such introductions to folders that do not exist (or I do not see them).
I follow this link where the code was embedded:
blueberry.ru/bitrix/components/bitrix/main.post.form/templates/.default/components/com_hdflvplayer/hdflvplayer/download.php/?f=configuration.php
and there displays a window from proactive protection that there are potentially dangerous requests.
How to deal with it? What to do?
Thanks in advance for your replies.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

pingo, 2015-12-23
@pingo

somehow they asked joomla to get rid of injects and webshells.. there are a
billion files and folders.. I’m generally silent about the /cache folders.. spam from the host was pouring in tons..
scanners did not give any effect.
sat and thought, and did this:
registered in htaccess
which simply logged all requests, well, like
there were a lot of requests, and ultimately filtered out the malware and found where
the webshells lay and where the injections were introduced.

S

Sergey, 2015-12-23
@Logic87

I think you don't need to puzzle over this. The main thing is that the system copes. It will be difficult to study and understand the many types of attacks. Be glad that you don't have WordPress or Joomla.