- Posts: 9
- Thank you received: 0
Odd Activity in Web Logs
4 years 1 month ago #116241
by macanics
Odd Activity in Web Logs was created by macanics
I have just observed repeated attempts to POST data to LS from several URLs. The path looks odd, but the requests are getting 200 OK responses, so I'm concerned that I have a vulnerability. Can anyone comment on this?
Sample (IPs changed to protect the innocent!):
abc.efg.217.140 - - [15/Jan/2015:11:15:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14432
abc.efg.217.140 - - [15/Jan/2015:11:15:39 +0000] "POST /index.php/survey/index HTTP/1.1" 200 17952
abc.efg.217.140 - - [15/Jan/2015:11:15:41 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14326
abc.efg.217.140 - - [15/Jan/2015:11:15:44 +0000] "POST /index.php/survey/index HTTP/1.1" 200 10293
abc.efg.217.140 - - [15/Jan/2015:11:15:53 +0000] "POST /index.php/survey/index HTTP/1.1" 200 7812
abc.efg.217.140 - - [15/Jan/2015:11:15:55 +0000] "POST /index.php/survey/index HTTP/1.1" 200 15281
abc.efg.217.140 - - [15/Jan/2015:11:16:06 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14009
abc.efg.217.140 - - [15/Jan/2015:11:16:11 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14357
abc.efg.217.140 - - [15/Jan/2015:11:16:19 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14460
abc.efg.217.140 - - [15/Jan/2015:11:16:27 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14444
abc.efg.217.140 - - [15/Jan/2015:11:16:33 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14449
abc.efg.217.140 - - [15/Jan/2015:11:16:37 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14416
abc.efg.217.140 - - [15/Jan/2015:11:16:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 13171
I can't see any malicious changes in any surveys.
---john---
Sample (IPs changed to protect the innocent!):
abc.efg.217.140 - - [15/Jan/2015:11:15:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14432
abc.efg.217.140 - - [15/Jan/2015:11:15:39 +0000] "POST /index.php/survey/index HTTP/1.1" 200 17952
abc.efg.217.140 - - [15/Jan/2015:11:15:41 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14326
abc.efg.217.140 - - [15/Jan/2015:11:15:44 +0000] "POST /index.php/survey/index HTTP/1.1" 200 10293
abc.efg.217.140 - - [15/Jan/2015:11:15:53 +0000] "POST /index.php/survey/index HTTP/1.1" 200 7812
abc.efg.217.140 - - [15/Jan/2015:11:15:55 +0000] "POST /index.php/survey/index HTTP/1.1" 200 15281
abc.efg.217.140 - - [15/Jan/2015:11:16:06 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14009
abc.efg.217.140 - - [15/Jan/2015:11:16:11 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14357
abc.efg.217.140 - - [15/Jan/2015:11:16:19 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14460
abc.efg.217.140 - - [15/Jan/2015:11:16:27 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14444
abc.efg.217.140 - - [15/Jan/2015:11:16:33 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14449
abc.efg.217.140 - - [15/Jan/2015:11:16:37 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14416
abc.efg.217.140 - - [15/Jan/2015:11:16:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 13171
I can't see any malicious changes in any surveys.
---john---
Please Log in or Create an account to join the conversation.
- DenisChenu
-
- Offline
- LimeSurvey Community Team
-
Less
More
- Posts: 10505
- Karma: 408
- Thank you received: 1863
4 years 4 weeks ago #116421
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .
Replied by DenisChenu on topic Odd Activity in Web Logs
Surevy url after starting are allways /index.php/survey/index.
And all surveys pages need $_POST
And all surveys pages need $_POST
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .
Please Log in or Create an account to join the conversation.
4 years 4 weeks ago #116424
by macanics
Replied by macanics on topic Odd Activity in Web Logs
OK, seems reasonable. I am concerned with the speed of those replies, though. What's the recommended way of checking which SID those POSTs are going to?
---john---
---john---
Please Log in or Create an account to join the conversation.