
#8134 – jDonation URL with 523,772 Duplicates

Posted in ‘sh404SEF’
Tuesday, 07 September 2021 21:12 UTC
gs_john

Hello,

I'm having an issue with a single URL, not sure how it's happening, could it be hackers?

The biggest issue is when trying to process a donation with Joomdonation it redirects to the https://xxxx.org/jdonation which is a 500 error. So, I went to delete that URL but since there are so many duplicates, it's not allowing me to delete it.

Kind regards,

John
Tuesday, 07 September 2021 21:23 UTC
gs_john

Hello,

I logged into phpMyAdmin to see if I could identify the duplicates, and a bunch of them are formatted in this way:

index.php?option=com_jdonation&lang=en"_AND_GTID_SUBSET(CONCAT(0x716a6b7871,(SELECT_HEX((CASE_WHEN_(EXISTS(SELECT_8_FROM_user_usrnm))_THEN_1_ELSE_0_END))),0x71626a7171),6415)--_RcCj=
Kind regards,

John
Tuesday, 07 September 2021 21:55 UTC
gs_john

Hello,

Do you know how I could delete all of these jdonation duplicates via phpMyAdmin?

Kind regards,

John
Wednesday, 08 September 2021 07:44 UTC
wb_weeblr

Hi

index.php?option=com_jdonation&lang=en"_AND_GTID_SUBSET(CONCAT(0x716a6b7871,(SELECT_HEX((CASE_WHEN_(EXISTS(SELECT_8_FROM_user_usrnm))_THEN_1_ELSE_0_END))),0x71626a7171),6415)--_RcCj=

This indicates that indeed some random bots tried to use a vulnerability in the jDonation extension. None of these attacks worked of course but because you most likely have enabled the "301 redirect from non-sef to SEF" feature under the "Advanced" section of sh404SEF configuration, each of these URLs was recorded (as duplicates).

So the first thing to do is to set "301 redirect from non-sef to SEF" and "301 redirect from Joomla SEF to sh404SEF" to No under the Advanced tab of sh404SEF configuration.

As for deleting these, I'd suggest just selecting that URL from the SEF URL manager and clicking the Delete with dupl. button, which is meant exactly for that. If your server fails at some point in the process of deleting so many duplicates, just reload the page and do it again, until there are no duplicates left.

Best regards

Yannick Gaultier

weeblr.com / @weeblr
Wednesday, 08 September 2021 12:53 UTC
gs_john

Hi Yannick,

If I switch the "301 Redirect from Joomla SEF to Sh404sef" to no, will that make it so the attacks can go through?

Is there a way to protect from this occurrence?

Kind regards,

John
Wednesday, 08 September 2021 13:02 UTC
wb_weeblr

Hi

If I switch the "301 Redirect from Joomla SEF to Sh404sef" to no, will that make it so the attacks can go through?

There is no relationship between this and that. Redirecting is not a security feature; it just has nothing to do with it. Except that you are filling up your database because you're telling sh404SEF to build a SEF URL for each and every request that does not already exist and starts with index.php.

Is there a way to protect from this occurrence?

There is no need for protection. All these are failed attacks. All sites have them, they are just random bots throwing random requests at web servers. You likely have attacks directed at WordPress websites in the mix. They are not a threat unless you have out-of-date extensions or Joomla, for instance.

Best regards

Yannick Gaultier

weeblr.com / @weeblr
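The explanation above, that sh404SEF records a new SEF URL for every unknown index.php request so each failed injection probe becomes another "duplicate", can be checked against your own recorded non-SEF URLs. The following is an added example, not part of this ticket or of sh404SEF: it flags non-SEF URLs that carry SQL injection probe syntax, like the one quoted in the ticket, and counts them per Joomla component, so you can see how much of a duplicate pile is bot noise before deleting it. The sample URLs other than the ticket's own are constructed, and the jDonation view and parameter names are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Syntax typical of blind / error-based SQL injection probes, matched per query
# parameter value. Whitespace may appear as a space, '+' or '_' because the URL
# recorded in the ticket has its spaces stored as underscores.
SQLI_PROBE = re.compile(
    r"""['"][\s_+]*(?:AND|OR)[\s_+]+"""        # quote break-out, then a boolean operator
    r"|(?<![a-z0-9])(?:GTID_SUBSET|CONCAT|SLEEP|BENCHMARK|EXTRACTVALUE|UPDATEXML)\s*\("
    r"|\bSELECT[\s_+].*[\s_+]FROM[\s_+]"       # embedded subquery
    r"|--[\s_+]*\w*=?$",                       # trailing SQL comment terminator
    re.IGNORECASE,
)

# The non-SEF URL quoted in the ticket.
TICKET_PROBE_URL = (
    'index.php?option=com_jdonation&lang=en"_AND_GTID_SUBSET(CONCAT(0x716a6b7871,'
    "(SELECT_HEX((CASE_WHEN_(EXISTS(SELECT_8_FROM_user_usrnm))_THEN_1_ELSE_0_END))),"
    "0x71626a7171),6415)--_RcCj="
)

# Constructed sample of recorded non-SEF URLs (an export of the sh404SEF URL
# table or a web server log); the jDonation view/parameter names are assumptions.
SAMPLE_NONSEF_URLS = [
    TICKET_PROBE_URL,
    "index.php?option=com_jdonation&lang=en'%20AND%20SLEEP(5)--%20abcd",
    "index.php?option=com_jdonation&view=donation&campaign_id=1",
    "index.php?option=com_content&view=article&id=5",
]

def is_sqli_probe(nonsef_url: str) -> bool:
    """True if any query parameter value carries injection probe syntax."""
    query = urlsplit(nonsef_url).query          # parse_qsl also percent-decodes
    return any(SQLI_PROBE.search(v) for _, v in parse_qsl(query, keep_blank_values=True))

def summarize_duplicates(nonsef_urls):
    """Per Joomla component: recorded URLs in total and how many are probes.

    Each distinct non-SEF request became its own record for the same SEF URL
    (a "duplicate"), which is how one component reaches hundreds of thousands.
    """
    stats = {}
    for url in nonsef_urls:
        params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
        entry = stats.setdefault(params.get("option", "?"), {"total": 0, "probes": 0})
        entry["total"] += 1
        entry["probes"] += is_sqli_probe(url)
    return stats
```

Run `summarize_duplicates` over an export of your recorded non-SEF URLs; a component whose probe count is close to its total is the kind of pile the Delete with dupl. button is meant to clear.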
Saturday, 09 October 2021 05:34 UTC
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.