Apache access & error logs showing unlawful use - need help
Posted: 04. November 2009 05:50
Hi folks
Ive got some weird stuff going on. For example about every 4 seconds an access & error log entries are being made by someone who trying to go or get to store.apple.com/au/cart (this alone worries me greatly).
Here is a sample of bopth the access and error logs.
Im using xampp 1.7.1 for windows and running joomla 1.5.14. It appears I have a vunerability somewhere !
ACCESS LOG
21.208.91.229 - - [04/Nov/2009:15:02:50 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart%3Fcid%3DAOSA10000026879&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=9422450535&scriptVersion=1.1&d=1257307370125&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=asbid%3DsHHDKK4CPP7DFYHA4%3B%20dssid2%3D895E1633-839A-4A0B-A99B-28E5C2F6462B%3B%20s_campaign%3DAOSA10000026879%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527www.miniclip.com%2527%252C%25271226305888446%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271233022117912%2527%255D%255D%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_vi%3D%5BCS%5Dv1%7C4821228600006E76-A290B28000006B4%5BCE%5D%3B%20s_vnum_us%3Dch%253Dip%2526vn%253D1%253B&title=Cart%20-%20Apple%20Store%20%28Australia%29&referrer= HTTP/1.1" 404 1305
124.191.112.55 - - [04/Nov/2009:15:02:53 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=8699907620&scriptVersion=1.1&d=1257307373091&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=__utma%3D125090010.3292315921621627000.1242441223.1242441223.1242441223.1%3B%20__utmz%3D125090010.1242441223.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20ac_survey%3D1%3B%20asbid%3Ds7XXC9HU9KC2UCYAJ%3B%20ccl%3DE3hOtesyEa51yj+hqx2OYw%3D%3D%3B%20DefaultAppleID%3Dgearing@mac.com%3B%20dssid2%3D58c7ae02-8243-467f-b380-9ed472b03cfe%3B%20geo%3DAU%3B%20Pod%3D21%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527google%253A%2520organic%2527%252C%25271244497646288%2527%255D%252C%255B%2527WWW-NAUS-ITMS-TRAILERS-IPODTOUCH%2527%252C%25271244862446206%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271246251587180%2527%255D%252C%255B%2527MobileMe-NEWF%2527%252C%25271246604133444%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271256792192135%2527%255D%255D%3B%20s_ppv%3D69%3B%20s_ria%3DFlash%252010%257C%3B%20s_sq%3Dappleauhome%253D%252526pid%25253Dapple%25252520-%25252520index%25252520%25252528au%25252529%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.apple.com/au/store/_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B%20s_v35%3Dgoogle%253A%2520organic%3B%20s_vi%3D%5BCS%5Dv1%7C475D173000001948-A2B0B9000000979%5BCE%5D%3B%20s_vnum_au%3Dch%253Dhomepage%2526vn%253D4%253Bch%253Dmac%2526vn%253D2%253Bch%253Dmacbookpro%2526vn%253D2%253Bch%253Dmacbook%2526vn%253D2%253Bch%253Dsearch%2526vn%253D1%253Bch%253Ditunes%2526vn%253D3%253Bch%253Dipodnano%2526vn%253D1%253Bch%253Dip%2526vn%253D2%253Bch%253Dmacosxserver%2526vn%253D1%253B%3B%20s_vnum_kb%3Dch%253Dsupport%2526vn%253D1%253B&title=Cart%20-%20Apple%20Store%2&referrer= HTTP/1.1" 404 1261
ERROR LOG
[Wed Nov 04 15:02:48 2009] [error] [client 124.191.112.55] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart
[Wed Nov 04 15:02:50 2009] [error] [client 121.208.91.229] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart?cid=AOSA10000026879
Any help is appreciated.
Thanks
John
Ive got some weird stuff going on. For example about every 4 seconds an access & error log entries are being made by someone who trying to go or get to store.apple.com/au/cart (this alone worries me greatly).
Here is a sample of bopth the access and error logs.
Im using xampp 1.7.1 for windows and running joomla 1.5.14. It appears I have a vunerability somewhere !
ACCESS LOG
21.208.91.229 - - [04/Nov/2009:15:02:50 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart%3Fcid%3DAOSA10000026879&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=9422450535&scriptVersion=1.1&d=1257307370125&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=asbid%3DsHHDKK4CPP7DFYHA4%3B%20dssid2%3D895E1633-839A-4A0B-A99B-28E5C2F6462B%3B%20s_campaign%3DAOSA10000026879%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527www.miniclip.com%2527%252C%25271226305888446%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271233022117912%2527%255D%255D%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_vi%3D%5BCS%5Dv1%7C4821228600006E76-A290B28000006B4%5BCE%5D%3B%20s_vnum_us%3Dch%253Dip%2526vn%253D1%253B&title=Cart%20-%20Apple%20Store%20%28Australia%29&referrer= HTTP/1.1" 404 1305
124.191.112.55 - - [04/Nov/2009:15:02:53 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=8699907620&scriptVersion=1.1&d=1257307373091&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=__utma%3D125090010.3292315921621627000.1242441223.1242441223.1242441223.1%3B%20__utmz%3D125090010.1242441223.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20ac_survey%3D1%3B%20asbid%3Ds7XXC9HU9KC2UCYAJ%3B%20ccl%3DE3hOtesyEa51yj+hqx2OYw%3D%3D%3B%20DefaultAppleID%3Dgearing@mac.com%3B%20dssid2%3D58c7ae02-8243-467f-b380-9ed472b03cfe%3B%20geo%3DAU%3B%20Pod%3D21%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527google%253A%2520organic%2527%252C%25271244497646288%2527%255D%252C%255B%2527WWW-NAUS-ITMS-TRAILERS-IPODTOUCH%2527%252C%25271244862446206%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271246251587180%2527%255D%252C%255B%2527MobileMe-NEWF%2527%252C%25271246604133444%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271256792192135%2527%255D%255D%3B%20s_ppv%3D69%3B%20s_ria%3DFlash%252010%257C%3B%20s_sq%3Dappleauhome%253D%252526pid%25253Dapple%25252520-%25252520index%25252520%25252528au%25252529%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.apple.com/au/store/_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B%20s_v35%3Dgoogle%253A%2520organic%3B%20s_vi%3D%5BCS%5Dv1%7C475D173000001948-A2B0B9000000979%5BCE%5D%3B%20s_vnum_au%3Dch%253Dhomepage%2526vn%253D4%253Bch%253Dmac%2526vn%253D2%253Bch%253Dmacbookpro%2526vn%253D2%253Bch%253Dmacbook%2526vn%253D2%253Bch%253Dsearch%2526vn%253D1%253Bch%253Ditunes%2526vn%253D3%253Bch%253Dipodnano%2526vn%253D1%253Bch%253Dip%2526vn%253D2%253Bch%253Dmacosxserver%2526vn%253D1%253B%3B%20s_vnum_kb%3Dch%253Dsupport%2526vn%253D1%253B&title=Cart%20-%20Apple%20Store%2&referrer= HTTP/1.1" 404 1261
ERROR LOG
[Wed Nov 04 15:02:48 2009] [error] [client 124.191.112.55] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart
[Wed Nov 04 15:02:50 2009] [error] [client 121.208.91.229] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart?cid=AOSA10000026879
Any help is appreciated.
Thanks
John