Welcome, Guest
Username: Password: Remember me
here you can submit any topics related ExtraWatch

TOPIC: unwanted access to extrawatch from malicious ip

unwanted access to extrawatch from malicious ip 8 months 3 weeks ago #945

Hello,

My website has been visited from a malicious ip.
The links they try were : (I changed mywebsite name here ...)

http://mywebsite/?option=com_ajax&module=extrawatch_agent&format=raw&origin=frontend&ewToken=bdf7d4aff43c5472f422e6131082d992eb9378fc&task=ajax&action=img&rand=0.234480088882961&env=ExtraWatchJoomlaEnv&ref=&title=mywebsite%20-%20Home&uri=_SLASH_&referringQuery=&getParams=
http://mywebsite/?option=com_ajax&module=extrawatch_agent&format=raw&origin=frontend&ewToken=bdf7d4aff43c5472f422e6131082d992eb9378fc&task=ajax&action=heatmap.include.js&env=ExtraWatchJoomlaEnv&id=0&extraWatchHeatmap=&extraWatchDay=¶ms=getParams%3D&title=mywebsite%20-%20Home&uri=/

I have a waf that blocked these attempts, but I would like to know what did they try to do, is there a security hole in your product by entering the pattern they use. If so do you know this problem ?

Thank you for your help and support.

Olivier
The administrator has disabled public write access.

unwanted access to extrawatch from malicious ip 8 months 2 weeks ago #946

Hi,
WAF reports that, because of the special chars in the URL.

You can try visiting the same URL yourself, and check whether it's reported

There are no additional parameters passed with these URLs which would indicate some kind of SQL injection or other script execution.
The administrator has disabled public write access.
Time to create page: 0.107 seconds

ExtraWatch is proudly featured at:

This widget is powered by website.informer.com

X

Drop us your message