| Question: |
Good afternoon. Today in 0.15 was hacked our site naa.az who is this hosting. You are asked to send a list of the ip which made the entrance to the site, and a list of the vulnerabilities of the website. |
| Answer: |
Hello. what is hacking? we are not aware of vulnerabilities of your website. we now scan it for viruses and provide You with a report. utochnyat what will give You a list of ip visited the website? |
| Answer: |
the report http://naa.az/AI-BOLIT-REPORT-__-927725-21-09-2016_12-31.html |
| Question: |
A little incorrectly expressed, the list of ip with which you`ve signed-in to cpanel site |
| Answer: |
the log sent to [email protected] |
| Question: |
Still a request: is it Possible to send logs with IP addresses for access to the naa.az/wp-admin |
| Answer: |
we vyslali on [email protected] |
| Answer: |
even the logs in the root of the website in the archive naa.earthinter.net-Sep-2016.gz |
| Question: |
Please send logs of access to the naa.az/wp-admin and naa.az/wp-login.php over the past two days, since you sent just today. |
| Question: |
Also please provide you full logs for September |
| Answer: |
the Question referred to the administrator, wait for amp. |
| Question: |
ok |
| Answer: |
we have provided You with all available logs |
| Question: |
Good afternoon, sorry to bother you again, unfortunately we need to find the information in these logs was not possible. In this regard, I would also like to ask you to send us the ftp logs for the last month |
| Answer: |
Logs sent to [email protected] |
| Question: |
Thank you |
| Answer: |
OK |
| Question: |
Good afternoon. Recently you sent us the logs of the access to wp-admin, cpanel and ftp for naa.az. Please send all the logs of all queries which you have this month for the site naa.az, Advance very grateful to you.P.S. Ask these logs you have because. what`s in those logs that you sent nothing suspicious was found. We suspect that used for hacking any Sql-Injection or xss. Therefore, we need to examine all requests to the site. |
| Answer: |
Hello. we send You all the information available to us the logs. other logs we have no |
| Question: |
But you have sent to us separately logs for wp-admin, cpanel and ftp, all other requests we have. You want to say that the logs are written only for the above structures of the site? |
| Question: |
we need all ip addresses to all parts of the website that we could find and see what ip address visited the n-th page and which sent Zapresic example :http://naa.az/?page_id=959 and t,d, |
| Answer: |
We sent all of our logs. We have no others |
| Question: |
Okay, in that case I ask you to send us is entirely all at once, what you have to naa.az. sorry for the inconvenience. |
| Answer: |
so we are sent, sent the logs panel, sent through the access logs , sent ftp logs |
| Question: |
Yes, you have sent , but we also need logs of access to all directories, files, so please send everything you have, ie you want to say that you have logs wp-admin, cpanel And FTP and other logs you do not lead?If, say, somebody will make entry through the index.php?id=something, then you have it not fixed? |
| Answer: |
we have sent You all the access logs. other logs have no logs were also in the archive in the folder of your website |
| Question: |
ya dumayu mi drug druga ne poneli. ne ujeli u vas net logov ?vi nam visalali tolko cpanel logi-logi a potom tolko dlya wp-admini yesho ftp logindopustim ya xocu logi dlya etoy ssilkihttp://naa.az/?the primary objective of BCC=89kak ya mogu opredelit kakoy ip adres zaxodil po etoy ssilke ?poetomu proshu ya vishlite nam logi dlya etogo vse mojet bit saytakak takoye cto logi dlya papki wp-admin u vas yest a logi dlya drugix ssilok net?mne ne nujno logi tolko dlya mest avtorizacii a nujni vse logi toyest ko na when zaxodil http://naa.az/?page_id=89ili zaxodil na http://naa.az/?page_id=55 ili http://naa.az/?page_id=44 ya yasno smog obyasnit ?yesli kto to otpravlyal zapros http://naa.az/?page_id=89`+select+all*from ....cto budet togda?logi ne soxranyatsya ?toyest yesli ktoto vipolnit sql injection u menya na sayte ya ne nesmogu kak uznat kto i kogda eto delal ?ya smog obyasnit cto ya xocu ?vishlite pojaluysta nam vse logi kotoriye absolyutno vse u vas yestzaranee spasibo |
| Answer: |
even the logs in the root of the website in the archive of the naa.earthinter.net-Sep-2016.g |
| Question: |
Sorry is it possible to contact your support via Skype ? |
| Answer: |
we have support only in ticket system. soobshaet what is required |
| Question: |
Here`s an example: we have a suspicious log that we found in the logs.Such examples have several.212.86.107.36 - - [16/Sep/2016:17:50:49 +0300] \"GET /wp-login.php?action=http://hitmjnoOmERPT.bxss.me/ HTTP/1.0\" 200 1010 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21\"As you can see from the log in field IP address recorded address hostingowe all the other logs we see the same thing. We need to know the IP addresses of those who sent these requests. In your provided logs this information to find is not possible.All queries are fixed, only the public IP of the server on which stands the site. |
| Answer: |
inveniet but other logs we have. we have only logs web server logs panel and General log from which we selected You to log ftp access. in the log of nginx is not written domain address nginx is the frontend and writes to the log only si requests without reference to the domain. if you provide the ip address with which the request is made, we can also provide you with all the available queries. but the logs have rotate. httpd log stored day , the longest system log, from which we took information ftp/ we have provided you with all informciju what we had |
| Question: |
Quoting you, \"General log from which we selected You to log ftp access\", please Send us this common log |
| Answer: |
we have already sent. |
| Answer: |
here`s what in it now to Your account
Sep 21 09:33:16 zala pure-ftpd: ([email protected]) [INFO] tural147 is now logged in
Sep 21 09:33:17 zala pure-ftpd: ([email protected]) [INFO] Logout.
Sep 21 09:33:33 zala pure-ftpd: ([email protected]) [INFO] tural147 is now logged in
Sep 21 09:33:34 zala pure-ftpd: ([email protected]) [INFO] Logout.
Sep 21 09:33:45 zala pure-ftpd: ([email protected]) [INFO] tural147 is now logged in
Sep 21 09:33:46 zala pure-ftpd: ([email protected]) [INFO] Logout.
Sep 23 16:25:04 zala pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [tural147]
it`s |
| Question: |
We are interested in the interval from 15 to 22 September |
| Answer: |
we do not have such data, the logs are constantly updated. |
