Web bots are after /a2billing/common/javascript/misc.js #149
Comments
Thanks for letting us know
You're quite welcome!
Perhaps they are just sniffing whether the site has the a2billing service installed, and whether your PHP code may have a security hole.
Yes, it makes sense that they could well be sniffing that file because it's small and quick to download, but are actually after a vulnerability elsewhere in the code. The bots seem to be performing requests by IP, as that's the error that's getting thrown by mod_security and got my attention in the logs, which suggests a large-scale scan, and would certainly argue, on the part of the bot, for a GET against a small file.
Sorry for necroing this thread, however my personal development server has been pretty much attacked by several bots looking for this exact file on my server. Around roughly 184 requests for a file that always 404s; is there any reason why they would, or is it just bad bot design? Some statistics: all of the requests are from cloud computing providers I have had no knowledge of previously.
They are probably looking for an installed version of A2Billing; some of the old ones have important security issues.
Still happening
Not much to be done really, as the file isn't there, and anybody running a2billing should have updated from the vulnerable versions; this is not actually a security risk. I suppose at least now this thread is here to reassure anyone who needs to be…
Hello,
First off, I know this is not an issue with a2billing. I just thought I would let you know that a rather large number of web bots have been crawling my servers lately, looking to GET this particular file in your web app: /a2billing/common/javascript/misc.js.
To show the extent of this, here is an abuseipdb report for just one of multiple IPs performing these scans.
From what I can tell (but I am no javascript security expert), there is no particular security implication from the window.open() call in the lone function that this file holds. Nevertheless, I thought I would mention this activity to you, the developer(s)/maintainer(s) of this product, as this is indeed not an issue for me, but could well be for any people using your product in a live environment, if those behind the web bots have found a way to exploit this file (I don't know that this is the case, but I simply cannot imagine why else anybody would be crawling after that specific piece of javascript).
So there it is. Just a heads up.
All the best,
Mark.
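As an added example (not code from this thread or from the a2billing project), here is the kind of detection a server operator seeing these probes would want: parse the web server's access log, pick out every request for the misc.js path regardless of case or query string, and group the hits by source IP so the result can go into an abuse report or a firewall blocklist. It assumes the Apache/Nginx "combined" log format; the log lines are constructed for the example, with addresses from the RFC 5737 documentation ranges rather than real scanners.

```python
import re
from collections import defaultdict

# Regex for the Apache/Nginx "combined" access log format.
# Assumption (not stated in the thread): the server logs in this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The file the thread reports bots probing for (taken from the issue title).
PROBE_PATH = "/a2billing/common/javascript/misc.js"

# Constructed sample log lines for this example; the addresses are from the
# RFC 5737 documentation ranges and are not real scanner IPs.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2020:03:14:07 +0000] "GET /a2billing/common/javascript/misc.js HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2020:03:14:09 +0000] "GET /a2billing/common/javascript/misc.js HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2020:03:15:41 +0000] "GET /a2billing/common/javascript/misc.js HTTP/1.0" 404 196 "-" "python-requests/2.22.0"
192.0.2.44 - - [10/Feb/2020:03:16:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2020:03:16:30 +0000] "GET /A2Billing/common/javascript/misc.js HTTP/1.0" 404 196 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Feb/2020:03:17:00 +0000] "GET /a2billing/common/javascript/misc.js?x=1 HTTP/1.1" 404 196 "-" "Mozilla/5.0"
not a log line
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def normalise_path(path):
    """Drop query string and fragment, then lowercase, so /A2Billing/...?x=1 matches too."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    return path.lower()


def is_probe(path):
    """True if the requested path is the a2billing misc.js file after normalisation."""
    return normalise_path(path) == PROBE_PATH


def find_probes(log_text):
    """Group probe requests by source IP.

    Returns {ip: {"count": n, "statuses": {status: n}, "user_agents": set()}}.
    Lines that do not parse are skipped rather than raising.
    """
    hits = defaultdict(lambda: {"count": 0, "statuses": defaultdict(int), "user_agents": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_probe(rec["path"]):
            continue
        h = hits[rec["ip"]]
        h["count"] += 1
        h["statuses"][rec["status"]] += 1
        h["user_agents"].add(rec["ua"])
    return dict(hits)


def report(hits, min_hits=1):
    """One summary line per scanning IP, most active first; usable for an abuse report or blocklist."""
    lines = []
    for ip, h in sorted(hits.items(), key=lambda kv: -kv[1]["count"]):
        if h["count"] < min_hits:
            continue
        statuses = ", ".join(f"{s}x{n}" for s, n in sorted(h["statuses"].items()))
        agents = "; ".join(sorted(h["user_agents"]))
        lines.append(f"{ip}: {h['count']} request(s) for {PROBE_PATH} ({statuses}); UA: {agents}")
    return lines


if __name__ == "__main__":
    for line in report(find_probes(SAMPLE_LOG)):
        print(line)
```

The case-insensitive match and query-string stripping matter because scanners vary the path to slip past exact-string rules; the status breakdown is what tells you the file is absent (all 404s, as in the thread) versus present and being fetched, which is the case that would actually warrant a closer look at the installed a2billing version.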