Support

Hello,

I've gotten a recent avalanche of access attempts. Over 400 in the last few days.

The target URLs contain html such as %22, %29, %2F, etc. Always in long combinations and between words like PROCEDURE, CONCAT, WHERE, SELECT, ANALYSE, UPDATEXML.

example:
(domain)/index.php?id=41%22%2F%2A%2A%2FPROCEDURE%2F%2A%2A%2FANALYSE%28EXTRACTVALUE%286441%2C%2F%2A%2150000CONCAT%2A%2F%280x5c%2C%2527~%2527%2C%28%2F%2A%2150000SELECT%2A%2F%28ELT%286441%3D6441%2C1%29%29%29%2C%2527~%2527%29%29%2C1%29--+-&Itemid=41&option=com_content

The IPs are random, but the attempts come in batches. Several over a short period, a small break, then repeat. They all use the same article ID.

Although there are a few exceptions, the IPs are usually used once. During this pattern, only 3 IPs have been banned.

I tested one of the URLs and it resulted in a 403 error.

The site is in someone's crosshairs, but I don't know if this is an acceptable level of threat or something that needs a heightened awareness.

Thanks!

Hi Nicholas,

Thanks for the information. I know ZERO about hacking tools and methods. It was the volume of attempts that had me concerned. I'm glad my concern was unnecessary.

I was pleased to hear that this method is ineffective and dates back to the Y2K scare. As a fan of a well-placed insult, I was even more pleased that your evaluation of his method was dripping with them.

I also reached out to my host. Their scans showed (as you would have guessed) no malicious code.

Your influence goes further than you know. Since I opened this ticket 16 hours ago, there have been no more attempts of that type. That's a record by about 15 hours. My only conclusion is that they heard you were on the case and ran away!

Thanks Again!