Extensions using AWS? - Joomla! Forum - community, help and support
the siteground team got me something, possibly installed, joomla using uses amazon web service. don't remember installing though use it... familiar? ip addeesses come show activity.
i investigated case , in order rule out issues caused malicious content scanned account , here results:
code:
[hex]chr_chr_eval_base64 [25/02/16] /home/denverd6/public_html/components/com_rseventspro/helpers/phpthumb/phpthumb.ico.php
however since single file not seem problem high resources usage further checked case , noticed large amount of requests regularly made similar ip networks:
code:
unique visitors pages hits bandwidth last visit
54.211.123.139 3,789 3,789 39.23 mb 16 jun 2016 - 22:55
54.81.98.249 3,739 3,739 38.74 mb 16 jun 2016 - 22:55
54.157.33.35 3,714 3,714 38.49 mb 16 jun 2016 - 22:55
54.80.126.188 3,713 3,713 38.47 mb 16 jun 2016 - 22:55
54.161.191.56 3,650 3,650 37.82 mb 16 jun 2016 - 22:48
54.163.190.155 3,512 3,512 36.45 mb 16 jun 2016 - 22:55
54.234.20.219 2,669 2,669 28.68 mb 16 jun 2016 - 22:47
54.90.171.18 2,597 2,597 27.78 mb 16 jun 2016 - 23:01
i checked of ip's , appears related amazonaws service:
code:
stanimirpanayotov@stanimir-panayotov:~$ host 54.157.33.35
35.33.157.54.in-addr.arpa domain name pointer ec2-54-157-33-35.compute-1.amazonaws.com.
stanimirpanayotov@stanimir-panayotov:~$ host 54.80.126.188
188.126.80.54.in-addr.arpa domain name pointer ec2-54-80-126-188.compute-1.amazonaws.com.
stanimirpanayotov@stanimir-panayotov:~$ host 54.163.190.155
155.190.163.54.in-addr.arpa domain name pointer ec2-54-163-190-155.compute-1.amazonaws.com.
i investigated case , in order rule out issues caused malicious content scanned account , here results:
code:
[hex]chr_chr_eval_base64 [25/02/16] /home/denverd6/public_html/components/com_rseventspro/helpers/phpthumb/phpthumb.ico.php
however since single file not seem problem high resources usage further checked case , noticed large amount of requests regularly made similar ip networks:
code:
unique visitors pages hits bandwidth last visit
54.211.123.139 3,789 3,789 39.23 mb 16 jun 2016 - 22:55
54.81.98.249 3,739 3,739 38.74 mb 16 jun 2016 - 22:55
54.157.33.35 3,714 3,714 38.49 mb 16 jun 2016 - 22:55
54.80.126.188 3,713 3,713 38.47 mb 16 jun 2016 - 22:55
54.161.191.56 3,650 3,650 37.82 mb 16 jun 2016 - 22:48
54.163.190.155 3,512 3,512 36.45 mb 16 jun 2016 - 22:55
54.234.20.219 2,669 2,669 28.68 mb 16 jun 2016 - 22:47
54.90.171.18 2,597 2,597 27.78 mb 16 jun 2016 - 23:01
i checked of ip's , appears related amazonaws service:
code:
stanimirpanayotov@stanimir-panayotov:~$ host 54.157.33.35
35.33.157.54.in-addr.arpa domain name pointer ec2-54-157-33-35.compute-1.amazonaws.com.
stanimirpanayotov@stanimir-panayotov:~$ host 54.80.126.188
188.126.80.54.in-addr.arpa domain name pointer ec2-54-80-126-188.compute-1.amazonaws.com.
stanimirpanayotov@stanimir-panayotov:~$ host 54.163.190.155
155.190.163.54.in-addr.arpa domain name pointer ec2-54-163-190-155.compute-1.amazonaws.com.
could virus: see https://forums.techguy.org/threads/amaz ... s.1053713/ , http://www.techsupportforum.com/forums/ ... 74161.html
... might legit because amazon web services use ip address range 54.*.*.* , *.amazonaws.com redirects aws.amazon.com
so, couldn't say.
... might legit because amazon web services use ip address range 54.*.*.* , *.amazonaws.com redirects aws.amazon.com
so, couldn't say.
Comments
Post a Comment