- False Positive or not?
Started seeing loads of hacker-like activity on my server over the past 72 hours.
I had a number of sites that were not up to date with their version of JCE and JCE plugins. Since then they are.
However I'm still seeing things like this in the access logs.
Do these look like people just still trying? I note that this line has a 200 response. I can see no evidence of an uploaded file.
5.45.67.80 - - [29/Sep/2016:22:19:01 +1000] "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
Appreciate any assistance.
This is an attempt to exploit a vulnerability in a very old version of JCE 1.5, probably run via a bot or other automated script.
This exploit does not affect JCE 2.5 in any way, which also includes code to block any access using the URL you posted above, or similar:
https://github.com/widgetfactory/jce/blob/2.5.x/administrator/components/com_jce/jce.php#L23-L25
Just because you're not paranoid doesn't mean everybody isn't out to get you.
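A way to triage these probes across access logs, as an added example (not from the original thread or the JCE project): it counts POSTs carrying the query parameters seen in the quoted request, per client IP and status code. The function names and the two extra sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format, as in the line quoted in the question.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Query parameters taken from the request in the question.
PROBE_PARAMS = {"option": "com_jce", "task": "plugin",
                "plugin": "imgmanager", "method": "form"}


def is_jce_probe(method, target):
    """True for a POST whose query string carries all PROBE_PARAMS."""
    if method != "POST":
        return False
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return all(value in query.get(key, []) for key, value in PROBE_PARAMS.items())


def summarize(lines):
    """Return {client_ip: {status_code: hit_count}} for matching requests."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_jce_probe(m["method"], m["target"]):
            hits[m["ip"]][int(m["status"])] += 1
    return {ip: dict(codes) for ip, codes in hits.items()}


# Constructed sample: the first line is the one from the question; the
# other two are made up (documentation IP range) to show non-matches.
SAMPLE = [
    '5.45.67.80 - - [29/Sep/2016:22:19:01 +1000] "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '203.0.113.9 - - [29/Sep/2016:22:20:10 +1000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Sep/2016:22:21:44 +1000] "POST /index.php?option=com_jce&task=plugin&plugin=link&method=form HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, codes in summarize(SAMPLE).items():
        print(ip, codes)
```

Run it per site against each virtual host's access log to see which sites are still being probed and what status they return.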