micheal36 Posted January 28, 2018 Share Posted January 28, 2018 Over the last few weeks I have had people trying to access the following urls and some similar index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b by BOT for JCE /includes/exit.php?ID=999999.9 /*!30000union all select 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x3130323 /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b what are these urls trying to do and should I be worried? Micheal! Quote Link to comment https://forums.phpfreaks.com/topic/306347-what-is-happening-here/ Share on other sites More sharing options...
requinix Posted January 28, 2018 Share Posted January 28, 2018 That URL very likely corresponds to some particular PHP application which has a vulnerability. They're trying to exploit it. As long as your site is responding correctly for that - probably a 404 - then you don't need to worry about it. Quote Link to comment https://forums.phpfreaks.com/topic/306347-what-is-happening-here/#findComment-1555817 Share on other sites More sharing options...
phpmillion Posted January 29, 2018 Share Posted January 29, 2018 Most likely someone looks for a vulnerability in your website. It looks you use some out-of-the-box plugin/script, so you may want to update it to the latest version first. For the peace of mind, you can also block IPs that make those requests. Quote Link to comment https://forums.phpfreaks.com/topic/306347-what-is-happening-here/#findComment-1555837 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.