Search Module used to SPAM MySQL - cms_module_search_words
Posted: Tue Jul 23, 2013 2:44 pm
Hello all,
Spotted only recently, but this appears to have been going on for awhile; the database is filling-up with crap!
Questions: What's the purpose in doing this? What are we looking at? Any way to filter-out this sort of behaviour?
/gully
Attached: snippets from server log + some cms_module_search_words
Here's one result of this activity -- using Joomla:
http://www.caseinc.org/index.php?option ... =1&print=1
----------------------------------------------
Cms Version: 1.11.5 <-- i know
Installed Modules:
CMSMailer: 5.2.1
FileManager: 1.4.3
MenuManager: 1.8.5
ModuleManager: 1.5.5
News: 2.12.12
Search: 1.7.8
ThemeManager: 1.1.8
Showtime: 3.3
FormBuilder: 0.7.3
CMSPrinting: 1.0.4
TinyMCE: 2.9.12
CustomGS: 1.3
CGExtensions: 1.32.6
JQueryTools: 1.2.5
Notifications: 1.0
ListIt2: 1.4-beta1
ListIt2Facsheets: 1.4-beta1
MicroTiny: 1.2.5
XMLMadeSimple: 0.1.2
RSS2HTML: 1.2.5.2
Config Information:
php_memory_limit:
process_whole_template: false
output_compression:
max_upload_size: 16000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true
Php Information:
phpversion: 5.2.17
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
memory_limit: 32M
max_execution_time: 300
output_buffering: 4096
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 16M
session_save_path: No check because open basedir active
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
Server Information:
Server Api: cgi-fcgi
Server Db Type: MySQL (mysqli)
Server Db Version: 5.0.45
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
----------------------------------------------
Spotted only recently, but this appears to have been going on for awhile; the database is filling-up with crap!
Questions: What's the purpose in doing this? What are we looking at? Any way to filter-out this sort of behaviour?
/gully
Attached: snippets from server log + some cms_module_search_words
Here's one result of this activity -- using Joomla:
http://www.caseinc.org/index.php?option ... =1&print=1
----------------------------------------------
Cms Version: 1.11.5 <-- i know
Installed Modules:
CMSMailer: 5.2.1
FileManager: 1.4.3
MenuManager: 1.8.5
ModuleManager: 1.5.5
News: 2.12.12
Search: 1.7.8
ThemeManager: 1.1.8
Showtime: 3.3
FormBuilder: 0.7.3
CMSPrinting: 1.0.4
TinyMCE: 2.9.12
CustomGS: 1.3
CGExtensions: 1.32.6
JQueryTools: 1.2.5
Notifications: 1.0
ListIt2: 1.4-beta1
ListIt2Facsheets: 1.4-beta1
MicroTiny: 1.2.5
XMLMadeSimple: 0.1.2
RSS2HTML: 1.2.5.2
Config Information:
php_memory_limit:
process_whole_template: false
output_compression:
max_upload_size: 16000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true
Php Information:
phpversion: 5.2.17
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
memory_limit: 32M
max_execution_time: 300
output_buffering: 4096
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 16M
session_save_path: No check because open basedir active
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
Server Information:
Server Api: cgi-fcgi
Server Db Type: MySQL (mysqli)
Server Db Version: 5.0.45
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
----------------------------------------------
