Very puzzling


Started by lilguy43uk, October 07, 2017, 02:24:27 PM


lilguy43uk

For some time now someone has been trying to access restricted system files on my gallery (latest stable release). Example from the security log:
    Oct 06, 2017 at 08:26 PM - Denied privileged access to usermgr.php by user Guest at IP
    Oct 07, 2017 at 03:41 AM - Failed login attempt at IP with Username: GeorgeThery
    Oct 07, 2017 at 04:58 AM - Denied privileged access to register.php by user Guest at IP
    Oct 07, 2017 at 10:38 AM - Denied privileged access to usermgr.php by user Guest at IP
What is puzzling me is that there is no user called "Guest" on the board and guest logins are blocked anyway.
Note the failed login from GeorgeThery. User "Guest" seems to have been able to access the system in some way without logging in as there is never a record of him doing so in the Access Log, and yet the log identifies him as a user.
I've tried deactivating all the users but it's made no difference.
Any idea how he's getting in and how I can stop him? I lost the site once through this sort of thing and I don't want it to happen again.
Thanks

lilguy43uk

A bit more to the puzzle. I've changed the path to the gallery as a temporary measure and it seems to have stopped him and indicates to me that he's getting in through the front end and not the back end. So how is it that he doesn't appear in the access log?
I have no IP or email to let me block him and the username Guest doesn't appear in any of the members' profiles.
Guest access is disabled.
I can't leave the gallery offline for ever and would like to find a solution as soon as I can.

ron4mac

The username 'Guest' is just the default that is used for logging and error messages when CPG is accessed without being logged in. It does NOT mean that someone is logged in as 'Guest'.

It would seem that someone (or thing) has tried to access your site in hopes of discovering/using some exploit to gain controlling access. As annoying as it is, it is not at all uncommon in today's web landscape.  Just make sure you are using the latest CPG version (1.5.46 or 1.6.03).
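The reading of the log given in the reply above, as an added example that is not part of the thread or of CPG itself: a small Python triage script that treats `Guest` as "not logged in" and groups the denied requests and failed logins by source address. The line format is taken from the excerpt in the first post; the sample lines are constructed, and the position of the address after `at IP` is an assumption, since the thread's copy has the addresses stripped.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the format quoted in the thread; the IPs are
# documentation addresses (the thread's own excerpt has them stripped).
SAMPLE_LOG = """\
Oct 06, 2017 at 08:26 PM - Denied privileged access to usermgr.php by user Guest at IP 192.0.2.10
Oct 07, 2017 at 03:41 AM - Failed login attempt at IP 192.0.2.10 with Username: GeorgeThery
Oct 07, 2017 at 04:58 AM - Denied privileged access to register.php by user Guest at IP 198.51.100.7
Oct 07, 2017 at 10:38 AM - Denied privileged access to usermgr.php by user Guest at IP 192.0.2.10
"""

STAMP = r"(?P<ts>\w{3} \d{2}, \d{4} at \d{2}:\d{2} [AP]M) - "
DENIED = re.compile(STAMP + r"Denied privileged access to (?P<script>\S+) "
                    r"by user (?P<user>.+?) at IP ?(?P<ip>\S*)$")
FAILED = re.compile(STAMP + r"Failed login attempt at IP ?(?P<ip>\S*) "
                    r"with Username: (?P<user>.+)$")

def parse(text):
    """Yield one dict per recognised line; unrecognised lines are skipped."""
    for line in text.splitlines():
        for kind, rx in (("denied", DENIED), ("failed_login", FAILED)):
            m = rx.match(line.strip())
            if m:
                ev = m.groupdict()
                ev["kind"] = kind
                ev["ts"] = datetime.strptime(ev["ts"], "%b %d, %Y at %I:%M %p")
                ev["ip"] = ev["ip"] or None  # address may be missing, as in the thread
                yield ev
                break

def summarise(text):
    """Group events by source IP; 'Guest' means not logged in, not an account."""
    by_ip = defaultdict(lambda: {"unauth_probes": Counter(), "failed_logins": []})
    for ev in parse(text):
        entry = by_ip[ev["ip"]]
        if ev["kind"] == "denied" and ev["user"] == "Guest":
            entry["unauth_probes"][ev["script"]] += 1
        elif ev["kind"] == "failed_login":
            entry["failed_logins"].append(ev["user"])
    return dict(by_ip)

if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG).items():
        print(ip, dict(info["unauth_probes"]), info["failed_logins"])
```

An address that shows both unauthenticated probes of admin scripts and failed logins is the one worth blocking at the web server or firewall; the `Guest` entries alone do not indicate a compromised account.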

lilguy43uk

Thanks for the reassurance Ron4mac. I was worried because I lost the site last year through this kind of behaviour and I've only just restored it.

Αndré

Please don't forget to create regular backups. Marking thread as solved.

lilguy43uk

Thanks Andre

My apologies for forgetting to close the thread.

Cheers
Jim