Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

lot of ../../../../../../../../../../../../etc/passwd is this some kind of attack? 
 
mrki
Jr. Member
 
Total Posts:  21
Joined:  2010-01-20
 

I just found (admin) more then 400 similar entires in product review page (catalog_product_review/pending/ )
Please check attached image. Is somebody attempting to hack my site? I run Magento ver. 1.7.0.2. Is this a well know security hole that somebody wants to use? All advices appreciate. Thank you.

Image Attachments
magentoSecurity.pngmagentoSecurity2.pngmagentoSecurity3.png
 
Magento Community Magento Community
Magento Community
Magento Community
 
hankzh
Member
 
Total Posts:  56
Joined:  2011-02-08
 

do you use mcafee’s service?
It looks like they scan your website. Also you can check your apach log to find out more information.

mrki - 15 April 2013 10:29 PM

I just found (admin) more then 400 similar entires in product review page (catalog_product_review/pending/ )
Please check attached image. Is somebody attempting to hack my site? I run Magento ver. 1.7.0.2. Is this a well know security hole that somebody wants to use? All advices appreciate. Thank you.

 
Magento Community Magento Community
Magento Community
Magento Community
 
mrki
Jr. Member
 
Total Posts:  21
Joined:  2010-01-20
 

Thanks for respond. Yes I do use McAfee and my site is scanned on daily basis. Is that what is causing these records?
Does it mean that I don’t have to be concerned?
Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  285
Joined:  2009-01-20
 

It’s someone (probably an automated attack) trying to do directory traversal. http://en.wikipedia.org/wiki/Directory_traversal_attack

It’s likely that this isn’t too much to worry about if your server is adequately protected but work checking anyway (the wiki link should help).  If you are really worried you should get some sort of application firewall set up on your server.  If you have a dedicated server think about gettiing mod_security or Naxsi installed (depending on your web server).  If you are on shared hosting then the extension in my signature would held identify and block these sort of attacks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
elspood
Magento Team
 
Total Posts:  22
Joined:  2012-05-01
Magento
 
Rich Cleverley - 20 April 2013 01:59 AM

It’s someone (probably an automated attack) trying to do directory traversal. http://en.wikipedia.org/wiki/Directory_traversal_attack

It’s likely that this isn’t too much to worry about if your server is adequately protected but work checking anyway (the wiki link should help).  If you are really worried you should get some sort of application firewall set up on your server.  If you have a dedicated server think about gettiing mod_security or Naxsi installed (depending on your web server).  If you are on shared hosting then the extension in my signature would held identify and block these sort of attacks.

This is all good advice. In addition, applying the principle of least privileges to your user accounts will also make a big difference. For example, if your web server user doesn’t have permissions on the /etc/ folder, then even if there was some magic attack that bypassed the firewall and any other security measures you had in place, the attacker still couldn’t read the password file. So, don’t run your web server as root.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top