View Single Post
  #5  
Old 15th May 2013, 16:05
Ph1L Ph1L is offline
Junior Member
 
Join Date: Apr 2013
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think I found the issue - JCE BOT - The Joomla installations had outdated JCE versions, according to http://docs.joomla.org/Vulnerable_Extensions_List

41.107.141.X - - [08/May/2013:23:07:11 +0200] "POST /index.php?option=com_jce&task=plugin&plugin=imgman ager&file=imgmanager&method=form&cid=20&6bc427c8a7 981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c 8e20b HTTP/1.0" 200 67 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:12 +0200] "POST /index.php?option=com_jce&task=plugin&plugin=imgman ager&file=imgmanager&method=form&cid=20 HTTP/1.0" 200 36 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:12 +0200] "GET /images/stories/gh.php?ghz HTTP/1.1" 200 20 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:13 +0200] "GET /gh.html HTTP/1.1" 200 446 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:16 +0200] "GET / HTTP/1.1" 500 1852 "-" "BOT/0.1 (BOT for JCE)"

Now JCE is updated
Reply With Quote