Две последние недели в Интернете зафиксированы массовые публикации вредоносных вставок, атакам подверглись интернет-магазины, построенные на базе свободной платформы osCommerce, а так же блоги базирующиеся на популярной CMS WordPress.
Судя по анализу логов одного из взломанных интернет-магазинов атака производилась с нескольких украинских IP-адресов, код эксплоитов загружался с нескольких доменов в зоне RU. Уязвимости CMS, которыми пользовались злоумышленники были также определены, и выпущены соответствующие обновления.
Администрация сайта ещё раз напоминает о необходимости обновляться и мыть руки перед едой.
Подробнее на OpenNet...
Joomla! Debug Console
session.client.browser ⇒ Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
password_clear ⇒
groups ⇒
session.token ⇒ eedfdbb388f66a395a2913c16e8c3282
6.1 MB (6,400,528 Bytes)
68 Queries Logged
SELECT m.id, m.menutype, m.title, m.alias, m.note, m.path AS route, m.link, m.type, m.level, m.language,m.browserNav, m.access, m.params, m.home, m.img, m.template_style_id, m.component_id, m.parent_id,e.element as component
FROM j25_menu AS m
LEFT JOIN j25_extensions AS e
ON m.component_id = e.extension_id
WHERE m.published = 1
AND m.parent_id > 0
AND m.client_id = 0
ORDER BY m.lftSHOW FULL COLUMNS
FROM `j25_easyblog_configs`SELECT *
FROM j25_easyblog_configs
WHERE `name` = 'config'SHOW FULL COLUMNS
FROM `j25_easyblog_post`SELECT a.`id`
FROM j25_easyblog_post as a
WHERE a.`permalink` = 'internet:magaziny-i-blogi-okazalis-v-opasnosti'SELECT a.`id`
FROM j25_easyblog_post as a
WHERE a.`permalink` = 'internet-magaziny-i-blogi-okazalis-v-opasnosti'SELECT *
FROM j25_easyblog_post
WHERE `id` = '49'DELETE
FROM `j25_easyblog_mailq`
WHERE `status`='1'
AND DATEDIFF(NOW(), `created`) >= 7SELECT `id`
FROM `j25_easyblog_mailq`
WHERE `status` = 0
ORDER BY `created` ASC
LIMIT 5SELECT *
FROM `j25_easyblog_post`
WHERE `publish_up` <= '2025-05-16 04:04:22'
AND `published` = '2'
AND `ispending` = '0'
ORDER BY `id`
LIMIT 5UPDATE `j25_easyblog_post`
SET `published` = '0'
WHERE `publish_down` > `publish_up`
AND `publish_down` <= '2025-05-16 04:04:22'
AND `publish_down` != '0000-00-00 00:00:00'
AND `published` != '0'
AND `published` != '3'
AND `ispending` = '0'SELECT b.id
FROM j25_usergroups AS a
LEFT JOIN j25_usergroups AS b
ON b.lft <= a.lft
AND b.rgt >= a.rgt
WHERE a.id = 1SELECT a.rules
FROM j25_assets AS a
WHERE (a.id = 1)
GROUP BY a.id, a.rules, a.lftSHOW FULL COLUMNS
FROM `j25_assets`SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT b.rules
FROM j25_assets AS a
LEFT JOIN j25_assets AS b
ON b.lft <= a.lft
AND b.rgt >= a.rgt
WHERE (a.id = 1)
GROUP BY b.id, b.rules, b.lft
ORDER BY b.lftSHOW FULL COLUMNS
FROM `j25_easyblog_users`SELECT COUNT(*)
FROM `j25_easyblog_configs`
WHERE `name` = 'default'SELECT *
FROM j25_easyblog_configs
WHERE `name` = 'default'SELECT *
FROM `j25_easyblog_acl`
WHERE `published`=1
ORDER BY `id` ASCSELECT *
FROM `j25_easyblog_acl_group`
WHERE `content_id`='1'
AND `type`='
group'SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT id, keywords, description, indexing
FROM `j25_easyblog_meta`
WHERE content_id = '49'
and type = 'post'SELECT *
FROM j25_easyblog_post
WHERE `id` = '49'SHOW FULL COLUMNS
FROM `j25_easyblog_category`SELECT *
FROM j25_easyblog_category
WHERE `id` = '3'SELECT COUNT(1)
FROM `j25_easyblog_category`
WHERE `alias`='poslednie-novosti'
AND `id`!='3'SELECT *
FROM j25_easyblog_post
WHERE `id` = '49'SELECT *
FROM j25_easyblog_category
WHERE `id` = '3'SELECT COUNT(1)
FROM `j25_easyblog_category`
WHERE `alias`='poslednie-novosti'
AND `id`!='3'SHOW FULL COLUMNS
FROM `j25_discuss_users_history`INSERT INTO `j25_discuss_users_history` (`user_id`,`title`,`command`,`created`,`content_id`)
VALUES ('0','Viewed blog post, Интернет магазины и блоги оказались в опасности..','easyblog.view.blog','2025-05-16 04:04:22','0')UPDATE j25_easyblog_post
SET `hits` = (`hits` + 1)
WHERE id = '49'SHOW FULL COLUMNS
FROM `j25_komento_configs`SELECT *
FROM j25_komento_configs
WHERE `component` = 'com_komento'SELECT COUNT(1)
FROM `j25_easyblog_featured`
WHERE `content_id` = '49'
AND `type` = 'post'SELECT a.`id`, a.`title`, a.`alias`
FROM `j25_easyblog_tag` AS a
LEFT JOIN `j25_easyblog_post_tag` AS b
ON a.`id` = b.`tag_id`
WHERE b.`post_id` = '49'
AND a.`published` = '1'
ORDER BY a.`title` ASCSELECT *
FROM j25_easyblog_users
WHERE `id` = '68'SHOW FULL COLUMNS
FROM `j25_users`SELECT *
FROM `j25_users`
WHERE `id` = 68SELECT `g`.`id`,`g`.`title`
FROM `j25_usergroups` AS g
INNER JOIN `j25_user_usergroup_map` AS m
ON m.group_id = g.id
WHERE `m`.`user_id` = 68SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT *
FROM j25_easyblog_category
WHERE `id` = '3'SELECT COUNT(1)
FROM `j25_easyblog_category`
WHERE `alias`='poslednie-novosti'
AND `id`!='3'SELECT `title`
FROM `j25_easyblog_category`
WHERE `id` = '3'SELECT id
FROM j25_assets
WHERE parent_id = 0SELECT *
FROM j25_tagmeta_rules
WHERE ( ( ('/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP BINARY url)>0
AND (case_sensitive<>0)
AND (decode_url<>0)
AND (request_only<>0) ) OR ( ('/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP BINARY url)>0
AND (case_sensitive<>0)
AND (decode_url=0)
AND (request_only<>0) ) OR ( ('https://networkdoc.ru/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP BINARY url)>0
AND (case_sensitive<>0)
AND (decode_url<>0)
AND (request_only=0) ) OR ( ('https://networkdoc.ru/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP BINARY url)>0
AND (case_sensitive<>0)
AND (decode_url=0)
AND (request_only=0) ) OR ( ('/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP url)>0
AND (case_sensitive=0)
AND (decode_url<>0)
AND (request_only<>0) ) OR ( ('/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP url)>0
AND (case_sensitive=0)
AND (decode_url=0)
AND (request_only<>0) ) OR ( ('https://networkdoc.ru/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP url)>0
AND (case_sensitive=0)
AND (decode_url<>0)
AND (request_only=0) ) OR ( ('https://networkdoc.ru/easyblog/entry/internet-magaziny-i-blogi-okazalis-v-opasnosti?print=1&tmpl=component' REGEXP url)>0
AND (case_sensitive=0)
AND (decode_url=0)
AND (request_only=0) ) )
AND published=1
ORDER BY ordering
36 Query Types Logged, Sorted by Occurrences.
SELECT Tables:
25 × SELECT id
FROM j25_assets3 × SELECT *
FROM j25_easyblog_category3 × SELECT *
FROM j25_easyblog_post3 × SELECT COUNT(1)
FROM `j25_easyblog_category`2 × SELECT *
FROM j25_easyblog_configs2 × SELECT a.`id`
FROM j25_easyblog_post as a1 × SELECT *
FROM j25_komento_configs1 × SELECT COUNT(1)
FROM `j25_easyblog_featured`1 × SELECT a.`id`, a.`title`, a.`alias`
FROM `j25_easyblog_tag` AS a
LEFT JOIN `j25_easyblog_post_tag` AS b
ON a.`id` = b.`tag_id`1 × SELECT `g`.`id`,`g`.`title`
FROM `j25_usergroups` AS g
INNER JOIN `j25_user_usergroup_map` AS m
ON m.group_id = g.id1 × SELECT *
FROM j25_tagmeta_rules1 × SELECT `title`
FROM `j25_easyblog_category`1 × SELECT *
FROM `j25_users`1 × SELECT *
FROM j25_easyblog_users1 × SELECT *
FROM `j25_easyblog_acl`1 × SELECT b.id
FROM j25_usergroups AS a
LEFT JOIN j25_usergroups AS b
ON b.lft <= a.lft
AND b.rgt >= a.rgt1 × SELECT *
FROM `j25_easyblog_post`1 × SELECT `id`
FROM `j25_easyblog_mailq`1 × SELECT a.rules
FROM j25_assets AS a1 × SELECT b.rules
FROM j25_assets AS a
LEFT JOIN j25_assets AS b
ON b.lft <= a.lft
AND b.rgt >= a.rgt1 × SELECT *
FROM `j25_easyblog_acl_group`1 × SELECT m.id, m.menutype, m.title, m.alias, m.note, m.path AS route, m.link, m.type, m.level, m.language,m.browserNav, m.access, m.params, m.home, m.img, m.template_style_id, m.component_id, m.parent_id,e.element as component
FROM j25_menu AS m
LEFT JOIN j25_extensions AS e
ON m.component_id = e.extension_id1 × SELECT COUNT(*)
FROM `j25_easyblog_configs`1 × SELECT id, keywords, description, indexing
FROM `j25_easyblog_meta`
OTHER Tables:
1 × INSERT INTO `j25_discuss_users_history` (`user_id`,`title`,`command`,`created`,`content_id`)
VALUES ('0','Viewed blog post, Интернет магазины и блоги оказались в опасности..','easyblog.view.blog','2025-05-16 04:04:22','0'1 × SHOW FULL COLUMNS
FROM `j25_discuss_users_history1 × UPDATE j25_easyblog_post
SET `hits` = (`hits` + 1)1 × SHOW FULL COLUMNS
FROM `j25_komento_configs1 × SHOW FULL COLUMNS
FROM `j25_users1 × SHOW FULL COLUMNS
FROM `j25_easyblog_category1 × SHOW FULL COLUMNS
FROM `j25_easyblog_users1 × SHOW FULL COLUMNS
FROM `j25_easyblog_post1 × DELETE
FROM `j25_easyblog_mailq`1 × UPDATE `j25_easyblog_post`
SET `published` = '0'1 × SHOW FULL COLUMNS
FROM `j25_assets1 × SHOW FULL COLUMNS
FROM `j25_easyblog_configs