The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ajax Becon

Discussion in 'Security' started by keat63, Nov 11, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I've seen a few of these i my logs over the last few days.

    File does not exist: /home/xxxxxxx/public_html/ajaxbecon, referer: https://www.xxxx.co.uk/index.php?act=login&redir=L2luZGV4LnBocA==

    Any ideas what this might be. Had it come from China or Russia, i'd just ignore it and be happy that my security is doing it's job. However, this is from the UK so could potentially be a customer struggling to login ??
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hold on, https ???

    we don't have https
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    An attack of some sort. Google this to find more of the same:
    index.php?act=login&redir=L2luZGV4LnBocA==

    I can't imagine one of your users hitting a URL that doesn't/never existed.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    After doing a little digging, it would appear that this code appears in one of the cart files.
    However, I don't have a clue what it means, but is quite clearly meant to be there.


    <span class="txtSession">[</span><a href="/index.php?act=login&amp;redir=L2luZGV4LnBocA==" class="txtSession">Login</a>



    I noticed that the error log mentions 'https' which our site doesn't have.
    Maybe the fact the url doesn't exist is the https ??
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You are seeing the access request in the error log. You are welcome to enter that URL manually in your browser if you want to verify it does not exist (using the https URL).

    Thank you.
     

Share This Page