Welcome to the LimeSurvey Community Forum
Odd Activity in Web Logs
9 years 3 months ago #116241
by macanics
Odd Activity in Web Logs was created by macanics
I have just observed repeated attempts to POST data to LS from several URLs. The path looks odd, but the requests are getting 200 OK responses, so I'm concerned that I have a vulnerability. Can anyone comment on this?
Sample (IPs changed to protect the innocent!):
abc.efg.217.140 - - [15/Jan/2015:11:15:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14432
abc.efg.217.140 - - [15/Jan/2015:11:15:39 +0000] "POST /index.php/survey/index HTTP/1.1" 200 17952
abc.efg.217.140 - - [15/Jan/2015:11:15:41 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14326
abc.efg.217.140 - - [15/Jan/2015:11:15:44 +0000] "POST /index.php/survey/index HTTP/1.1" 200 10293
abc.efg.217.140 - - [15/Jan/2015:11:15:53 +0000] "POST /index.php/survey/index HTTP/1.1" 200 7812
abc.efg.217.140 - - [15/Jan/2015:11:15:55 +0000] "POST /index.php/survey/index HTTP/1.1" 200 15281
abc.efg.217.140 - - [15/Jan/2015:11:16:06 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14009
abc.efg.217.140 - - [15/Jan/2015:11:16:11 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14357
abc.efg.217.140 - - [15/Jan/2015:11:16:19 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14460
abc.efg.217.140 - - [15/Jan/2015:11:16:27 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14444
abc.efg.217.140 - - [15/Jan/2015:11:16:33 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14449
abc.efg.217.140 - - [15/Jan/2015:11:16:37 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14416
abc.efg.217.140 - - [15/Jan/2015:11:16:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 13171
I can't see any malicious changes in any surveys.
---john---
The topic has been locked.
9 years 3 months ago #116421
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
Replied by DenisChenu on topic Odd Activity in Web Logs
Survey URLs after starting are always /index.php/survey/index.
And all survey pages need $_POST.
9 years 3 months ago #116424
by macanics
Replied by macanics on topic Odd Activity in Web Logs
OK, seems reasonable. I am concerned with the speed of those replies, though. What's the recommended way of checking which SID those POSTs are going to?
---john---
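Added example (not part of any post in this thread, and not LimeSurvey code): the quoted access-log lines carry no survey ID in the request line, so what they can answer is the pacing question. This sketch parses those lines and reports, per client, the gaps between POSTs to /index.php/survey/index; the `fast_median` and `min_posts` thresholds and the `client.example` line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# First six lines are log lines quoted in the first post; the last one is constructed.
SAMPLE_LOG = """\
abc.efg.217.140 - - [15/Jan/2015:11:15:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14432
abc.efg.217.140 - - [15/Jan/2015:11:15:39 +0000] "POST /index.php/survey/index HTTP/1.1" 200 17952
abc.efg.217.140 - - [15/Jan/2015:11:15:41 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14326
abc.efg.217.140 - - [15/Jan/2015:11:15:44 +0000] "POST /index.php/survey/index HTTP/1.1" 200 10293
abc.efg.217.140 - - [15/Jan/2015:11:15:53 +0000] "POST /index.php/survey/index HTTP/1.1" 200 7812
abc.efg.217.140 - - [15/Jan/2015:11:15:55 +0000] "POST /index.php/survey/index HTTP/1.1" 200 15281
client.example - - [15/Jan/2015:11:15:40 +0000] "GET /index.php HTTP/1.1" 200 5120
"""

# Common Log Format: host ident user [time] "method url proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def post_pacing(log_text, path="/index.php/survey/index", fast_median=5.0, min_posts=5):
    """Per client: POST count to `path`, min/median gap and total span in seconds."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, method, url, _status, _size = m.groups()
        if method == "POST" and url.split("?", 1)[0] == path:
            times[client].append(datetime.strptime(ts, TS_FMT))
    report = {}
    for client, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps) if gaps else None
        report[client] = {
            "posts": len(stamps),
            "min_gap": min(gaps) if gaps else None,
            "median_gap": med,
            "span": (stamps[-1] - stamps[0]).total_seconds(),
            # Assumed heuristic: many POSTs with a short median gap; tune per survey.
            "fast": len(stamps) >= min_posts and med is not None and med < fast_median,
        }
    return report


if __name__ == "__main__":
    for client, stats in post_pacing(SAMPLE_LOG).items():
        print(client, stats)
```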