Jump to content

Possible hack attempt using Product.php

GoPure Kratom

By GoPure Kratom
in General topics

 Share

Recommended Posts

GoPure Kratom Contributor

GoPure Kratom

Posted
Posted (edited)

Hi,

I noticed some weird beahivour with periodically someone sending 1 character to the chat I have on a website.

Didn't notice anything in the logs, but found that a new logfile had popped into /var/logs: 20221103_exception.log
This is weird because I have never seen logfile like this in that directory.

It started like this:
  

*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2006] MySQL server has gone away at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2006] MySQL server has gone away at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2006] MySQL server has gone away at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2002] Connection refused at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2002] Connection refused at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:39: Link to database cannot be established: SQLSTATE[HY000] [2002] Connection refused at line 136 in file classes/db/DbPDO.php
*ERROR*         v1.7.8.7        2022/11/03 - 00:43:41: Link to database cannot be established: SQLSTATE[HY000] [2002] Connection refused at line 136 in file classes/db/DbPDO.php

 

And then continues like this with a new line every few minutes or so: 

*ERROR*         v1.7.8.7        2022/11/03 - 03:59:46: Can not retrieve the id_product_attribute at line 7532 in file classes/Product.php
*ERROR*         v1.7.8.7        2022/11/03 - 03:59:50: Can not retrieve the id_product_attribute at line 7532 in file classes/Product.php
*ERROR*         v1.7.8.7        2022/11/03 - 03:59:57: Can not retrieve the id_product_attribute at line 7532 in file classes/Product.php
*ERROR*         v1.7.8.7        2022/11/03 - 04:00:20: Can not retrieve the id_product_attribute at line 7532 in file classes/Product.php
*ERROR*         v1.7.8.7        2022/11/03 - 04:00:20: Can not retrieve the id_product_attribute at line 7532 in file classes/Product.php

No changes has been done to the classes/Product.php

 

Acces logs show this. And I think this answers the question, because I was not able to post this as text and got firewalled :D
Does seem like SQL injection attempt??

image.thumb.png.ec1ed62898cb8df8002ac2427c682255.png

 

Any idea where to look next? Or what is being possibly attempted here?

Edited by GoPure Kratom
Added info (see edit history)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...