[opencms-dev] opencms attack?

Webmaster webmaster at lenord.de
Wed Mar 12 15:35:15 CET 2008


Hello list

in the last week I found some "strange" error messages in the opencms
log:

org.opencms.file.CmsVfsResourceNotFoundException: Error reading
resource from path
"/http://www.channelnewsperu.com/imagenes/publicaciones/fotos/nepicu/egul/".
05 Mrz 2008 04:19:08,975 ERROR [rnet.ProductReportRelationBean: 291]
Fehler beim Filtern der Berichte zum Produkt
http://www.channelnewsperu.com/imagenes/publicaciones/fotos/nepicu/egul/


org.opencms.file.CmsVfsResourceNotFoundException: Error reading
resource from path
"/http://www.pattibus.it/phplib-7.2b/pages/ilosi/dohigal/".
05 Mrz 2008 04:19:12,960 ERROR [rnet.ProductReportRelationBean: 291]
Fehler beim Filtern der Berichte zum Produkt
http://www.pattibus.it/phplib-7.2b/pages/ilosi/dohigal/ 

It seems as if someone tries to "inject" prepared urls in our
database.
For me it looks like an attack on the opencms web application.

The mentioned class "ProductReportRelationBean" is a functionality
programmed by our own.
We use an opencms 6.2.3 system release.

Did anyone of you made the same observations?
Where can I find resources concerning the safeguarding of java apps in
general and opencms systems or apps in special?

Any hints are appreciated!

Kind regards

Stefan Hamelmann

-- 

Lenord + Bauer Online Team

Lenord, Bauer & Co. GmbH
Dohlenstr. 32
46145 Oberhausen
Germany

Phone: +49 208 9963-0
Fax:  + 49 208 677 642
       
http://www.lenord.de


Lenord, Bauer & Co. GmbH - Dohlenstrasse 32 - 46145 Oberhausen - Germany
Geschäftsführer/Managing director: Hans-Georg Wilk
Amtsgericht/Trade register: Duisburg HRB 12033
Tel.: +49 (0)208 9963-0 - Fax: +49 (0)208 676292
Internet: www.lenord.de - E-Mail: info at lenord.de

Besuchen Sie unsere Website und abonnieren Sie unseren Newsletter unter
www.lenord.de/newsletter. So bleiben Sie stets auf dem Laufenden! 
Visit our website and subscribe to our newsletter at
www.lenord.de/newsletter. It keeps you up to date!



More information about the opencms-dev mailing list