Announcement

Collapse
No announcement yet.

My v5.4.2 forum got hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    replied
    1. In a default installation, there are no directories that vBulletin needs to write to within the vBulletin directory.
    2. In a default installation, attachments, avatars, signature pictures, templates, and css files are stored in the database.
    3. In a default installation, the system cache is stored in the database. Storing the system cache in the file system will be a performance decrease unless you are using Enterprise SSDs.
    4. In a default installation, vBulletin will use the /tmp directory defined in PHP. This directory should never be within the webroot.

    If you have altered your installation from the default, you will need to make appropriate changes to your server setup. I don't know what your server configuration or setup is.

    You will need to talk to your Web Hosting Provider about file ownership. We have no idea how your server is configured and cannot provide server support.

    Leave a comment:


  • rag_gupta
    replied
    Are you sure? There will be atleast some temporary directories where write permission is to be given?

    Can I do :
    Code:
    chown -R otheruser.otheruser siteroot
    ?

    The installation is in www-root user. Can i change the ownership of all directories to root.root?

    Leave a comment:


  • Wayne Luke
    replied
    All of the directories in a default installation can be write protected.

    However, your version of vBulletin is vulnerable and will remain vulnerable as long as you use it. You need to upgrade to vBulletin 5.5.4 PL2 as soon as possible.

    Leave a comment:


  • rag_gupta
    started a topic My v5.4.2 forum got hacked

    My v5.4.2 forum got hacked

    Unfortunate situation that out of many other sites like Drupal, Xenforo somebody hacked the Vbulletin forum to inject some php files which was running bitcoin miner. It spread in many other files

    I've traced the POST request.

    All I need the list of directories which can be write protected in VBulletin installtion. I actually give write permission only where needed like temporary folder etc. So I need to know for VBulletin


    Here are the relevant POST hack requests:



    66.249.88.148 - - [27/Sep/2019:02:38:47 +0530] "POST /job.php HTTP/1.1" 200 552 "https://forum.non-vbulletin-site.com/threads/greedy-dr-amol-bapaye-deenanath-mangeshkar-hospital-pune.3116/" "
    64.233.172.198 - - [27/Sep/2019:02:39:52 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 944 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.198 - - [27/Sep/2019:02:39:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.198 - - [27/Sep/2019:02:39:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.198 - - [27/Sep/2019:02:39:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.200 - - [27/Sep/2019:02:39:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.198 - - [27/Sep/2019:02:39:54 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    64.233.172.200 - - [27/Sep/2019:02:39:54 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/187-penalty-charges-when-travelling-without-ticket" "
    66.249.83.90 - - [27/Sep/2019:02:46:44 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 944 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.249.83.88 - - [27/Sep/2019:02:46:45 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.249.83.89 - - [27/Sep/2019:02:46:45 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.102.8.132 - - [27/Sep/2019:02:46:46 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.249.83.89 - - [27/Sep/2019:02:46:46 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.249.83.88 - - [27/Sep/2019:02:46:46 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    66.102.8.132 - - [27/Sep/2019:02:46:47 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/general-section/general-discussion/495-how-to-book-train-tickets-by-using-sbi-ircts-credit-card" "
    177.17.3.33 - - [27/Sep/2019:02:54:19 +0530] "POST /user/login HTTP/1.1" 200 16541 "-" "
    66.102.6.180 - - [27/Sep/2019:02:54:32 +0530] "POST /job.php HTTP/1.1" 200 552 "https://forum.non-vbulletin-site.com/threads/dr-sanjay-saxena-gastroenterologist-dehradun.19/" "
    66.102.7.150 - - [27/Sep/2019:02:54:56 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 944 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.6.164 - - [27/Sep/2019:02:54:56 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.7.148 - - [27/Sep/2019:02:54:56 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.7.152 - - [27/Sep/2019:02:54:57 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.7.150 - - [27/Sep/2019:02:54:57 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.6.166 - - [27/Sep/2019:02:54:57 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    66.102.7.148 - - [27/Sep/2019:02:54:58 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/ticket-booking-cancellation-%E0%A4%9F%E0%A4%BF%E0%A4%95%E0%A4%9F-%E0%A4%AC%E0%A5%81%E0%A4%95%E0%A4%BF%E0%A4%82%E0%A4%97-%E0%A4%B0%E0%A4%A6%E0%A5%8D%E0%A4%A6%E0%A5%80%E0%A4%95%E0%A4%B0%E0%A4%A3/e-ticket-queries/269-scanning-barcode-in-the-e-ticket-booked-at-irctc" "
    79.142.76.244 - - [27/Sep/2019:02:57:00 +0530] "POST /forum/irctc-account-irctc-%25E0%25A4%2591%25E0%25A4%25A8%25E0%25A4%25B2%25E0%25A4%25BE%25E0%25A4%2587%25E0%25A4%25A8-%25E0%25A4%258F%25E0%25A4%2595%25E0%25A4%25BE%25E0%25A4%2589%25E0%25A4%2582%25E0%25A4%259F/irctc-general/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    79.142.76.244 - - [27/Sep/2019:02:57:07 +0530] "POST /forum/while-in-train-%25E0%25A4%259C%25E0%25A4%25AC-%25E0%25A4%259F%25E0%25A5%258D%25E0%25A4%25B0%25E0%25A5%2587%25E0%25A4%25A8-%25E0%25A4%25AE%25E0%25A5%2588%25E0%25A4%2582-%25E0%25A4%25B9%25E0%25A5%2588%25E0%25A4%2582/id-proofs-reg/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    66.102.6.168 - - [27/Sep/2019:03:03:05 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 944 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.166 - - [27/Sep/2019:03:03:06 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.166 - - [27/Sep/2019:03:03:06 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.168 - - [27/Sep/2019:03:03:06 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.166 - - [27/Sep/2019:03:03:06 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.166 - - [27/Sep/2019:03:03:07 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    66.102.6.164 - - [27/Sep/2019:03:03:07 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/irctc-general/463-opt-berth-in-irctc" "
    153.2.247.35 - - [27/Sep/2019:03:03:56 +0530] "OPTIONS /sites/default/files/docs/ HTTP/1.1" 200 433 "-" "Microsoft Office Protocol Discovery"
    153.2.247.35 - - [27/Sep/2019:03:03:57 +0530] "OPTIONS /sites/default/files/docs/ HTTP/1.1" 200 433 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:03:58 +0530] "HEAD /sites/default/files/docs/usazipcode-1512j.xlsx HTTP/1.1" 200 552 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:01 +0530] "OPTIONS /sites/default/files/ HTTP/1.1" 200 290 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:02 +0530] "HEAD /sites/default/files/docs/usazipcode-1512j.xlsx HTTP/1.1" 200 552 "-" "Microsoft Office Existence Discovery"
    153.2.247.35 - - [27/Sep/2019:03:04:26 +0530] "HEAD /sites/default/files/docs/usazipcode-1512j.xlsx HTTP/1.1" 200 409 "-" "Microsoft Office Existence Discovery"
    153.2.247.35 - - [27/Sep/2019:03:04:30 +0530] "OPTIONS /sites/default/files/docs/ HTTP/1.1" 200 433 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:30 +0530] "HEAD /sites/default/files/docs HTTP/1.1" 301 335 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:31 +0530] "HEAD /sites/default/files/docs/ HTTP/1.1" 302 341 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:31 +0530] "OPTIONS /sites/default/files/docs/ HTTP/1.1" 200 290 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:31 +0530] "HEAD /sites/default/files/docs HTTP/1.1" 301 335 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:32 +0530] "HEAD /sites/default/files/docs/ HTTP/1.1" 302 341 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:32 +0530] "OPTIONS /sites/default/files/docs/ HTTP/1.1" 200 290 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:32 +0530] "HEAD /sites/default/files/docs HTTP/1.1" 301 335 "-" "Microsoft Office Excel 2013"
    153.2.247.35 - - [27/Sep/2019:03:04:32 +0530] "HEAD /sites/default/files/docs/ HTTP/1.1" 302 341 "-" "Microsoft Office Excel 2013"
    66.102.6.164 - - [27/Sep/2019:03:05:47 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 6400 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.150 - - [27/Sep/2019:03:05:48 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.150 - - [27/Sep/2019:03:05:48 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.150 - - [27/Sep/2019:03:05:48 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.152 - - [27/Sep/2019:03:05:49 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.148 - - [27/Sep/2019:03:05:49 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    66.102.7.152 - - [27/Sep/2019:03:05:49 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues/2294-change-your-irctc-account-password" "
    106.79.65.224 - - [27/Sep/2019:03:07:35 +0530] "POST /job.php HTTP/1.1" 200 552 "https://forum.non-vbulletin-site.com/threads/headz-hair-fixing-center-how-i-was-scammed-of-rs-28-500.2643/" "
    186.101.252.221 - - [27/Sep/2019:03:09:04 +0530] "POST /user/login HTTP/1.1" 200 16541 "-" "
    66.102.6.166 - - [27/Sep/2019:03:19:52 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 944 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.166 - - [27/Sep/2019:03:19:52 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 4353 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.166 - - [27/Sep/2019:03:19:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 878 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.166 - - [27/Sep/2019:03:19:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 864 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.166 - - [27/Sep/2019:03:19:53 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 879 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.164 - - [27/Sep/2019:03:19:53 +0530] "POST /ajax/api/node/incrementNodeview HTTP/1.1" 200 843 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    66.102.6.164 - - [27/Sep/2019:03:19:54 +0530] "POST /ajax/apidetach/cron/run HTTP/1.1" 200 876 "https://forum.example.com/forum/rail-train-general-information-%E0%A4%B0%E0%A5%87%E0%A4%B2-%E0%A4%95%E0%A5%80-%E0%A4%B8%E0%A4%BE%E0%A4%AE%E0%A4%BE%E0%A4%A8%E0%A5%8D%E0%A4%AF-%E0%A4%9C%E0%A4%BE%E0%A4%A8%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%80/general-queries-ad/180-how-to-verify-a-ticket-whether-a-person-has-traveled-or-not" "
    79.142.76.244 - - [27/Sep/2019:03:21:52 +0530] "POST /forum/irctc-account-irctc-%25E0%25A4%2591%25E0%25A4%25A8%25E0%25A4%25B2%25E0%25A4%25BE%25E0%25A4%2587%25E0%25A4%25A8-%25E0%25A4%258F%25E0%25A4%2595%25E0%25A4%25BE%25E0%25A4%2589%25E0%25A4%2582%25E0%25A4%259F/irctc-general/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    79.142.76.244 - - [27/Sep/2019:03:22:02 +0530] "POST /forum/while-in-train-%25E0%25A4%259C%25E0%25A4%25AC-%25E0%25A4%259F%25E0%25A5%258D%25E0%25A4%25B0%25E0%25A5%2587%25E0%25A4%25A8-%25E0%25A4%25AE%25E0%25A5%2588%25E0%25A4%2582-%25E0%25A4%25B9%25E0%25A5%2588%25E0%25A4%2582/id-proofs-reg/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    79.142.76.244 - - [27/Sep/2019:03:22:04 +0530] "POST /forum/ticket-booking-cancellation-%25E0%25A4%259F%25E0%25A4%25BF%25E0%25A4%2595%25E0%25A4%259F-%25E0%25A4%25AC%25E0%25A5%2581%25E0%25A4%2595%25E0%25A4%25BF%25E0%25A4%2582%25E0%25A4%2597-%25E0%25A4%25B0%25E0%25A4%25A6%25E0%25A5%258D%25E0%25A4%25A6%25E0%25A5%2580%25E0%25A4%2595 %25E0%25A4%25B0%25E0%25A4%25A3/refund-after-chart-preparation/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    79.142.76.244 - - [27/Sep/2019:03:22:32 +0530] "POST /index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    185.253.97.252 - - [27/Sep/2019:03:26:19 +0530] "POST /forum/irctc-account-irctc-%25E0%25A4%2591%25E0%25A4%25A8%25E0%25A4%25B2%25E0%25A4%25BE%25E0%25A4%2587%25E0%25A4%25A8-%25E0%25A4%258F%25E0%25A4%2595%25E0%25A4%25BE%25E0%25A4%2589%25E0%25A4%2582%25E0%25A4%259F/irctc-general/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    185.253.97.252 - - [27/Sep/2019:03:26:23 +0530] "POST /forum/while-in-train-%25E0%25A4%259C%25E0%25A4%25AC-%25E0%25A4%259F%25E0%25A5%258D%25E0%25A4%25B0%25E0%25A5%2587%25E0%25A4%25A8-%25E0%25A4%25AE%25E0%25A5%2588%25E0%25A4%2582-%25E0%25A4%25B9%25E0%25A5%2588%25E0%25A4%2582/id-proofs-reg/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    185.253.97.252 - - [27/Sep/2019:03:26:24 +0530] "POST /forum/ticket-booking-cancellation-%25E0%25A4%259F%25E0%25A4%25BF%25E0%25A4%2595%25E0%25A4%259F-%25E0%25A4%25AC%25E0%25A5%2581%25E0%25A4%2595%25E0%25A4%25BF%25E0%25A4%2582%25E0%25A4%2597-%25E0%25A4%25B0%25E0%25A4%25A6%25E0%25A5%258D%25E0%25A4%25A6%25E0%25A5%2580%25E0%25A4%2595 %25E0%25A4%25B0%25E0%25A4%25A3/refund-after-chart-preparation/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 5990 "-" "
    40.77.189.16 - - [27/Sep/2019:03:26:39 +0530] "POST /ajax/api/options/fetchValues HTTP/1.1" 200 6233 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues" "
    40.77.189.16 - - [27/Sep/2019:03:26:40 +0530] "POST /ajax/api/phrase/getPhrases HTTP/1.1" 200 8988 "https://forum.example.com/forum/irctc-account-irctc-%E0%A4%91%E0%A4%A8%E0%A4%B2%E0%A4%BE%E0%A4%87%E0%A4%A8-%E0%A4%8F%E0%A4%95%E0%A4%BE%E0%A4%89%E0%A4%82%E0%A4%9F/login-password-recovery-issues" "
    193.201.224.246 - - [27/Sep/2019:03:29:54 +0530] "POST /register/register HTTP/1.0" 303 5559 "https://forum.non-vbulletin-site.com/register/" "
    193.201.224.246 - - [27/Sep/2019:03:29:58 +0530] "POST /login/login HTTP/1.0" 200 24995 "https://forum.non-vbulletin-site.com/login/" "

Related Topics

Collapse

Working...
X