tracing the sql injection

Post by sevensins » Sat Nov 20, 2010 5:31 am

Salaam,

Running Joomla 1.5.20, the admin user password got changed by a malicious user. He/she could not access the Joomla administration as it was password protected. I would like help / pointers from all esteemed linuxpakistan members and would much appreciate it.

The malicious user 1.x.x.x - Password changed @ 08:15AM 19 Nov 2010.

The LONG RAW Access Log of 1.x.x.x activity
2.x.x.x - - [19/Nov/2010:08:05:34 +0500] "GET / HTTP/1.1" 200 9305 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
1.x.x.x - - [19/Nov/2010:08:05:51 +0500] "GET / HTTP/1.1" 200 9304 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/system/css/system.css HTTP/1.1" 200 1385 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /plugins/system/rokbox/themes/light/rokbox-style.css HTTP/1.1" 200 2841 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/system/css/general.css HTTP/1.1" 200 2777 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/rt_affinity_j15/css/rokmoomenu.css HTTP/1.1" 200 1084 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /components/com_acymailing/css/module_default.css HTTP/1.1" 200 486 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/rt_affinity_j15/css/template.css HTTP/1.1" 200 39639 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /modules/mod_rokstories/tmpl/css/rokstories.css HTTP/1.1" 200 2882 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/rt_affinity_j15/css/extras.css HTTP/1.1" 200 23951 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:52 +0500] "GET /templates/rt_affinity_j15/css/style5.css HTTP/1.1" 200 34861 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /media/system/js/caption.js HTTP/1.1" 200 1963 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /plugins/system/rokbox/rokbox.js HTTP/1.1" 200 22076 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /plugins/system/rokbox/themes/light/rokbox-config.js HTTP/1.1" 200 2598 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/rokfonts.js HTTP/1.1" 200 982 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/css/typography.css HTTP/1.1" 200 9846 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/rokdate.js HTTP/1.1" 200 1079 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /media/system/js/mootools.js HTTP/1.1" 200 74434 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/rokutils.js HTTP/1.1" 200 2233 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/rokutils.inputs.js HTTP/1.1" 200 2467 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/roksortable.js HTTP/1.1" 200 8705 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:53 +0500] "GET /templates/rt_affinity_j15/js/rokmoomenu.js HTTP/1.1" 200 5040 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /templates/rt_affinity_j15/js/mootools.bgiframe.js HTTP/1.1" 200 964 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /components/com_acymailing/js/acymailing_module.js HTTP/1.1" 200 2629 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /modules/mod_rokstories/tmpl/js/rokstories.js HTTP/1.1" 200 4914 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /modules/mod_rokajaxsearch/js/rokajaxsearch.js HTTP/1.1" 200 15778 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /templates/rt_affinity_j15/favicon.ico HTTP/1.1" 200 5430 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /plugins/system/pc_includes/ajax_1.3.js HTTP/1.1" 200 8947 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /images/stories/demo/rokstories/1_thumb.jpg HTTP/1.1" 200 5683 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /images/stories/demo/rokstories/4_thumb.jpg HTTP/1.1" 200 12269 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /images/stories/demo/rokstories/5_thumb.jpg HTTP/1.1" 200 12191 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /images/stories/demo/rokstories/3_thumb.jpg HTTP/1.1" 200 6000 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"

1.x.x.x - - [19/Nov/2010:08:05:54 +0500] "GET /components/com_joomlawatch/img.php?rand=85968 HTTP/1.1" 200 807 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /components/com_jomcomment/style.css HTTP/1.1" 200 7870 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /components/com_jomcomment/templates/default/comment_style.css HTTP/1.1" 200 7000 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/topbar-buttons.png HTTP/1.1" 200 2484 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/header-bg.png HTTP/1.1" 200 1368 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/header-bg-overlay.png HTTP/1.1" 200 7572 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/logo.png HTTP/1.1" 200 5742 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/searchmod-top.png HTTP/1.1" 200 1520 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/searchmod-main.png HTTP/1.1" 200 1699 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/searchmod-input.png HTTP/1.1" 200 1485 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/header-bg2.png HTTP/1.1" 200 1466 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/page-bg2.png HTTP/1.1" 200 32529 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/horizmenu-bg.png HTTP/1.1" 200 1302 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:55 +0500] "GET /templates/rt_affinity_j15/images/style5/horizmenu-l.png HTTP/1.1" 200 2234 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/horizmenu-r.png HTTP/1.1" 200 2092 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-arrow.png HTTP/1.1" 200 1884 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-top-l.png HTTP/1.1" 200 1486 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-top-r.png HTTP/1.1" 200 1517 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-bg-2.png HTTP/1.1" 200 4698 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-div.png HTTP/1.1" 200 1253 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-daddy.png HTTP/1.1" 200 1366 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-top-1.png HTTP/1.1" 200 1713 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/drop-bg-1.png HTTP/1.1" 200 3787 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/showcase-m.png HTTP/1.1" 200 1386 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/showcase-l.png HTTP/1.1" 200 1527 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/showcase-r.png HTTP/1.1" 200 1506 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/move-handle.png HTTP/1.1" 200 1389 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:56 +0500] "GET /templates/rt_affinity_j15/images/style5/surround-topbot.png HTTP/1.1" 200 1378 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/surround-corners.png HTTP/1.1" 200 2212 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/surround-l.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/surround-r.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/feature-block-corner.png HTTP/1.1" 200 2083 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/readon-l.png HTTP/1.1" 200 1943 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/readon-m.png HTTP/1.1" 200 1381 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/readon-r.png HTTP/1.1" 200 1960 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/row-handle.png HTTP/1.1" 200 2977 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/module-h3-m.png HTTP/1.1" 200 1455 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/module-h3-l.png HTTP/1.1" 200 1632 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/module-h3-r.png HTTP/1.1" 200 1651 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/breadcrumb-home.png HTTP/1.1" 200 2052 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:57 +0500] "GET /templates/rt_affinity_j15/images/style5/feature-block-arrows.png HTTP/1.1" 200 46811 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:58 +0500] "GET /components/com_jomcomment/templates/default/images/toolbar.gif HTTP/1.1" 200 2288 "http://mysite.com/components/com_jomcomment/templates/default/comment_style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:58 +0500] "GET /templates/rt_affinity_j15/images/style5/mainbody-corners.png HTTP/1.1" 200 1842 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:58 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-move-handle.png HTTP/1.1" 200 1391 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:58 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-surround-topbot.png HTTP/1.1" 200 1376 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:58 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-surround-corners.png HTTP/1.1" 200 2316 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:59 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-surround-l.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:59 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-surround-r.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:59 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-m.png HTTP/1.1" 200 1467 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"

1.x.x.x - - [19/Nov/2010:08:05:59 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-l.png HTTP/1.1" 200 1860 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:05:59 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-r.png HTTP/1.1" 200 1748 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:00 +0500] "GET /animated_favicon1.gif HTTP/1.1" 200 2899 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:00 +0500] "GET /favicon.ico HTTP/1.1" 200 5430 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:00 +0500] "GET /index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50 HTTP/1.1" 200 8388 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/pdf_button.png HTTP/1.1" 200 1960 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/printButton.png HTTP/1.1" 200 2033 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/style5/article-surround-l.png HTTP/1.1" 200 1493 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/style5/white-radio-button.png HTTP/1.1" 200 2413 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/emailButton.png HTTP/1.1" 200 1917 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/style5/article-surround-r.png HTTP/1.1" 200 1593 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/style5/module-div.png HTTP/1.1" 200 1252 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:01 +0500] "GET /templates/rt_affinity_j15/images/style5/radio-button.png HTTP/1.1" 200 2493 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:02 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-move-handle.png HTTP/1.1" 200 1391 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:02 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-surround-corners.png HTTP/1.1" 206 1150 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:03 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-m.png HTTP/1.1" 200 1467 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:03 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-l.png HTTP/1.1" 200 1860 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:03 +0500] "GET /templates/rt_affinity_j15/images/style5/dark-module-h3-r.png HTTP/1.1" 200 1748 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:03 +0500] "GET /components/com_joomlawatch/img.php?rand=52754 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/bottom-bg.png HTTP/1.1" 200 1434 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/bottom-menu-m.png HTTP/1.1" 200 1285 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/bottom-menu-l.png HTTP/1.1" 200 1985 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/bottom-menu-r.png HTTP/1.1" 200 2027 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/bottom-menu-overlay.png HTTP/1.1" 200 2593 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /templates/rt_affinity_j15/images/style5/horizmenu-div.png HTTP/1.1" 200 1249 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:04 +0500] "GET /plugins/system/rokbox/themes/light/tl.png HTTP/1.1" 200 1524 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/tr.png HTTP/1.1" 200 1603 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/top.png HTTP/1.1" 200 1334 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/left.png HTTP/1.1" 200 1316 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/right.png HTTP/1.1" 200 1317 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/bl.png HTTP/1.1" 200 1554 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/br.png HTTP/1.1" 200 1558 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/bottom.png HTTP/1.1" 200 1335 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:05 +0500] "GET /plugins/system/rokbox/themes/light/close.png HTTP/1.1" 200 404 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"


1.x.x.x - - [19/Nov/2010:08:06:46 +0500] "GET /administrator HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:53 +0500] "GET /index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50 HTTP/1.1" 200 8388 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:54 +0500] "GET /components/com_joomlawatch/img.php?rand=21031 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:56 +0500] "GET /index.php?option=com_kunena&Itemid=114 HTTP/1.1" 200 11331 "http://mysite.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default_ex/images/english/icons/tlock.gif HTTP/1.1" 200 631 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default/js/kunenaforum.js HTTP/1.1" 200 4174 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default_ex/images/english/shrink.gif HTTP/1.1" 200 73 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default_ex/images/english/icons/folder_nonew.gif HTTP/1.1" 200 1323 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default_ex/images/english/icons/tlatest.gif HTTP/1.1" 200 108 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default_ex/kunena.forum.css HTTP/1.1" 200 29325 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:57 +0500] "GET /components/com_kunena/template/default/js/jquery-1.3.2.min.js HTTP/1.1" 200 57254 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/english/emoticons/rss.gif HTTP/1.1" 200 787 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/tabmenuright.gif HTTP/1.1" 200 15317 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/tabmenuleft.gif HTTP/1.1" 200 13826 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/search_icon.gif HTTP/1.1" 200 65 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/pathway_start.gif HTTP/1.1" 200 145 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_joomlawatch/img.php?rand=95499 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_kunena&Itemid=114" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/pathway_finallink.gif HTTP/1.1" 200 187 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/cat_title_bg.gif HTTP/1.1" 200 13297 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:06:59 +0500] "GET /components/com_kunena/template/default_ex/images/cat_title_head_bg.gif HTTP/1.1" 200 13438 "http://mysite.com/components/com_kunena/template/default_ex/kunena.forum.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
4.x.x.x - - [19/Nov/2010:08:08:14 +0500] "HEAD / HTTP/1.1" 404 - "-" "libwww-perl/5.803"
3.x.x.x - - [19/Nov/2010:08:14:12 +0500] "GET / HTTP/1.1" 200 41275 "http://basicstate.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; http://basicstate.com/)"
1.x.x.x - - [19/Nov/2010:08:14:40 +0500] "GET / HTTP/1.1" 200 9304 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/feature-block-arrows.png HTTP/1.1" 206 11854 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/med-surround-topbot.png HTTP/1.1" 200 1356 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/med-move-handle.png HTTP/1.1" 200 1389 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/med-surround-corners.png HTTP/1.1" 200 2215 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/med-surround-l.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:41 +0500] "GET /templates/rt_affinity_j15/images/style5/med-surround-r.png HTTP/1.1" 200 1275 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /templates/rt_affinity_j15/images/style5/med-module-h3-m.png HTTP/1.1" 200 1455 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /templates/rt_affinity_j15/images/style5/med-module-h3-l.png HTTP/1.1" 200 1830 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /templates/rt_affinity_j15/images/style5/med-module-h3-r.png HTTP/1.1" 200 1711 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /modules/mod_rokstories/images/spinner.gif HTTP/1.1" 200 828 "http://mysite.com/modules/mod_rokstories/tmpl/css/rokstories.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /components/com_joomlawatch/img.php?rand=18743 HTTP/1.1" 200 807 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:42 +0500] "GET /images/stories/demo/rokstories/1.jpg HTTP/1.1" 200 39697 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
6.x.x.x - - [19/Nov/2010:08:14:46 +0500] "GET /images/stories/demo/flood2010/khalid/dscn0145.jpg HTTP/1.1" 404 - "-" "facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)"
5.x.x.x - - [19/Nov/2010:08:14:47 +0500] "GET /images/stories/demo/flood2010/sawat1.jpg HTTP/1.1" 404 - "-" "facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)"


1.x.x.x - - [19/Nov/2010:08:14:58 +0500] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 6096 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:59 +0500] "GET /media/system/js/validate.js HTTP/1.1" 200 4246 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:59 +0500] "GET /templates/rt_affinity_j15/images/style5/light-readon-l.png HTTP/1.1" 200 2030 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:14:59 +0500] "GET /components/com_joomlawatch/img.php?rand=62066 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:00 +0500] "GET /templates/rt_affinity_j15/images/style5/light-readon-m.png HTTP/1.1" 200 1381 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:00 +0500] "GET /templates/rt_affinity_j15/images/style5/light-readon-r.png HTTP/1.1" 200 2047 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:12 +0500] "POST /index.php?option=com_user&task=requestreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:13 +0500] "GET /index.php?option=com_xijc&view=captcha HTTP/1.1" 200 6323 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:14 +0500] "GET /index.php?option=com_xijc&view=captcha&task=generateCaptchaImage&value=1290136513 HTTP/1.1" 200 2609 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:14 +0500] "GET //components/com_xijc/assets/images/icon-refresh.png HTTP/1.1" 200 1442 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:14 +0500] "GET /components/com_joomlawatch/img.php?rand=23788 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:21 +0500] "POST /index.php?option=com_xijc HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:22 +0500] "GET /index.php?option=com_user&task=requestreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:22 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6214 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:23 +0500] "GET /components/com_joomlawatch/img.php?rand=17201 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:48 +0500] "POST /index.php?option=com_user&task=confirmreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:49 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6286 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /templates/rt_affinity_j15/images/alerts/notice-tl.png HTTP/1.1" 200 1311 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /templates/rt_affinity_j15/images/alerts/notice-bl.png HTTP/1.1" 200 1308 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /templates/rt_affinity_j15/images/alerts/notice-tr.png HTTP/1.1" 200 1306 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /templates/rt_affinity_j15/images/alerts/notice-br.png HTTP/1.1" 200 1306 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /templates/rt_affinity_j15/images/alerts/notice-icon.png HTTP/1.1" 200 1606 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:50 +0500] "GET /components/com_joomlawatch/img.php?rand=54156 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:56 +0500] "POST /index.php?option=com_user&task=confirmreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:57 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6285 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:58 +0500] "GET /components/com_joomlawatch/img.php?rand=15990 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:17:25 +0500] "GET /administrator HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:17:28 +0500] "GET /administrator HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:18:01 +0500] "GET /administrator/index.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:19:41 +0500] "GET /forum/?p=38&catId=2 HTTP/1.0" 404 - "http://www.mysite.com/forum/?p=38&catId=2" "Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)"
5.x.x.x - - [19/Nov/2010:08:20:36 +0500] "GET / HTTP/1.1" 200 9304 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"


1.x.x.x - - [19/Nov/2010:08:21:58 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6215 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:21:59 +0500] "GET /components/com_joomlawatch/img.php?rand=57322 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:01 +0500] "GET /index.php?option=com_xijc&view=captcha HTTP/1.1" 200 6323 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:02 +0500] "GET /components/com_joomlawatch/img.php?rand=73186 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:02 +0500] "GET /index.php?option=com_xijc&view=captcha&task=generateCaptchaImage&value=1290136921 HTTP/1.1" 200 2639 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
5.x.x.x - - [19/Nov/2010:08:22:03 +0500] "GET /index.php?option=com_content&view=article&id=43&Itemid=130 HTTP/1.1" 200 8013 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
1.x.x.x - - [19/Nov/2010:08:22:03 +0500] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 6095 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:04 +0500] "GET /components/com_joomlawatch/img.php?rand=8095 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:10 +0500] "POST /index.php?option=com_user&task=requestreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:11 +0500] "GET /index.php?option=com_xijc&view=captcha HTTP/1.1" 200 6323 "http://mysite.com/index.php?option=com_user&view=reset" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:12 +0500] "GET /index.php?option=com_xijc&view=captcha&task=generateCaptchaImage&value=1290136931 HTTP/1.1" 200 2457 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:12 +0500] "GET /components/com_joomlawatch/img.php?rand=18334 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:18 +0500] "POST /index.php?option=com_xijc HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:19 +0500] "GET /index.php?option=com_user&task=requestreset HTTP/1.1" 303 - "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:19 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6215 "http://mysite.com/index.php?option=com_xijc&view=captcha" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:22:20 +0500] "GET /components/com_joomlawatch/img.php?rand=20487 HTTP/1.1" 200 807 "http://mysite.com/index.php?option=com_user&view=reset&layout=confirm" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:05 +0500] "GET / HTTP/1.1" 200 9302 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:06 +0500] "GET /components/com_joomlawatch/img.php?rand=14583 HTTP/1.1" 200 807 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:13 +0500] "GET /plugins/system/rokbox/themes/light/ajax-loader.gif HTTP/1.1" 200 3208 "http://mysite.com/plugins/system/rokbox/themes/light/rokbox-style.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:13 +0500] "GET /templates/rt_affinity_j15/images/style5/input-field-l.png HTTP/1.1" 200 2543 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:13 +0500] "GET /templates/rt_affinity_j15/images/style5/input-field-r.png HTTP/1.1" 200 3237 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:13 +0500] "GET /templates/rt_affinity_j15/images/style5/list-arrow.png HTTP/1.1" 200 1373 "http://mysite.com/templates/rt_affinity_j15/css/style5.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:35 +0500] "POST /index.php HTTP/1.1" 303 - "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:35 +0500] "GET / HTTP/1.1" 200 9369 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:36 +0500] "GET /components/com_joomlawatch/img.php?rand=19313 HTTP/1.1" 200 807 "http://mysite.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:37 +0500] "GET /templates/rt_affinity_j15/images/alerts/alert-tr.png HTTP/1.1" 200 1313 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:37 +0500] "GET /templates/rt_affinity_j15/images/alerts/alert-tl.png HTTP/1.1" 200 1318 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:37 +0500] "GET /templates/rt_affinity_j15/images/alerts/alert-bl.png HTTP/1.1" 200 1308 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:37 +0500] "GET /templates/rt_affinity_j15/images/alerts/alert-br.png HTTP/1.1" 200 1306 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:37 +0500] "GET /templates/rt_affinity_j15/images/alerts/alert-icon.png HTTP/1.1" 200 1550 "http://mysite.com/templates/rt_affinity_j15/css/template.css" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3"
Regards,

-----------------------------------------------------------------
A wise monkey never monkies w/ another monkey's monkey!
sevensins
Havaldaar
 
Posts: 117
Joined: Tue Apr 13, 2004 1:45 pm
ICQ: 3655945
Website: http://www.us-cert.gov/
WLM: shehzad_h@hotmail.com
Yahoo Messenger: shehzadhamid@yahoo.com
Location: PAKISTAN

Postby phoenix » Sun Nov 21, 2010 9:54 pm

Aoa

Running joomla 1.5.20, admin user password got changed but a malicious user. he/she could not access the joomla administration as it was password protected. Would like help / pointers by all esteemed linuxpakistan members and would much appreciate.


I am breaking this into parts.

Running joomla 1.5.20, admin user password got changed [...]


That sounds like the Joomla admin user password got changed. Not by you. Someone changed it. Ok.

[...] but a malicious user. he/she could not access the joomla administration as it was password protected.


That sounds like the malicious user, he/she could not access the Joomla admin area because it was password protected ?!

The subject of the post says: "tracing the sql injection". Like the site was injected with malicious code and the post is asking about tracing the source of sql injection by looking at the posted logs. Which, by the way, I think contains links from 3 (?) sites: basicstate.com, baidu.com and mysite.com. I guess basicstate.com and baidu.com are not your sites. Which leaves mysite.com. Which is not great help.

When you ask a question, try to state your problem clearly. Otherwise it is just a waste of time for those who read it. And a greater waste of time for those who bother to reply (which they should not).

Now, if your site is hacked, the best thing to do would be to delete the infected Joomla installation and restore its backup (if you have one).

If you don't have your site's backup, then first try to save whatever you can. The template css files. Any modifications you made to the template itself. Save it.

If you just want to reset the admin password of Joomla, then this link might help: http://docs.joomla.org/How_do_you_recover_your_admin_password%3F

But the above link is for those who forgot or lost their Joomla admin password.

These are some notes for Joomla security you should keep in mind for future:

----------------------------------------------------------------------

Joomla 1.5 Security Checklist

* Keep your Joomla core up-to-date.

* Keep all your Joomla extensions (components, modules, plugins, templates) up-to-date as well. Follow extensions' websites and upgrade each extension as soon as a new version is released.

* Uninstall all extensions that you don't need.

* Delete superadministrator's account with ID=62, if it exists in your Joomla user manager.

* Change default username of your superadministrator's account from "admin" to something else.

* Use passwords that are combination of lowercase and uppercase letters, numbers and special characters.

* Don't CHMOD files on your server to 777. Use 644 instead. When you need to change some files, CHMOD them to 775 and, once you're done, change them back to 644. Use FTP software to CHMOD files.

* When installing Joomla, use DB prefix different from default (jos_). If your current website uses this prefix, you still can change it using phpMyAdmin in your hosting control panel.

* Even if you follow all above instructions, your website still can be hacked. Chances are less, but certainly not 0%. Check with your hosting provider if they make regular server backups. Check if site restoration is included in price. Check how many times you are allowed to make site restorations per month/year. Check how much time you should wait for site restoration.

How is your Joomla website hacked?

Usually, an attacker finds a security hole in a file on your server. It uses this hole to install malicious software. This software allows him to change files on your web space as you can change files on your own computer. They probably don't have interest to delete your files. Most likely, they will change your website and, instead of your content, put their content with advertisements. Malicious software will be hidden somewhere in your web space. When you put your Joomla website back to its normal state, you usually wouldn't find and delete the malicious software. So, they will get back and do the same thing several days later.

----------------------------------------------------------------------
The above notes were taken from http://www.hotjoomlatemplates.com/blog/joomla-security

Good luck.
__/__/__/__/__/__/__/__/__/__/__/__/
Pakistan - Kashmir
__/__/__/__/__/__/__/__/__/__/__/__/
phoenix
Havaldaar
 
Posts: 105
Joined: Wed Jan 18, 2006 4:02 pm
Yahoo Messenger: arslanone
Location: Islamabad

Postby sevensins » Mon Nov 22, 2010 8:26 pm

@phoenix thank you for your useless reply. I am quite familiar with Joomla Security techniques, checklists and exploits.

Are you acquainted with footprinting/trace techniques in digital forensics to the letter?? I don't believe so; so remaining argument/discussion will be useless here.


just for information for the masses and to close the topic;

The malicious user exploited the joomla token exploit.
Joomla - Token Password Reset Exploit and SQL Injection
http://discussion.accuwebhosting.com/joomla-token-password-reset-exploit-sql-injection_blog_by_kenn_106.html

This exploit was taken care of before ver 1.5.20 but here 1.5.20 got exploited with a custom admin account which worried me. Sent the required to joomla dev team as they are much more capable of answering the mystery in this situation rather than me wasting time here. :D
Regards,



-----------------------------------------------------------------

A wise monkey never monkies w/ another monkey's monkey!
sevensins
Havaldaar
 
Posts: 117
Joined: Tue Apr 13, 2004 1:45 pm
ICQ: 3655945
Website: http://www.us-cert.gov/
WLM: shehzad_h@hotmail.com
Yahoo Messenger: shehzadhamid@yahoo.com
Location: PAKISTAN
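The password-reset sequence buried in the posted access log can be pulled out mechanically. The following is an added example, not part of the thread or of Joomla: a Python sketch that reduces combined-format log lines to a per-client timeline of `com_user` reset requests and the `/administrator` probes that follow them. The event labels, the 10-minute window and the abridged sample lines (taken from the log above with shortened user agents) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs

# Constructed sample: abridged from the log in the thread, user agents shortened.
SAMPLE_LOG = """\
2.x.x.x - - [19/Nov/2010:08:05:34 +0500] "GET / HTTP/1.1" 200 9305 "-" "Baiduspider"
1.x.x.x - - [19/Nov/2010:08:14:58 +0500] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 6096 "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:12 +0500] "POST /index.php?option=com_user&task=requestreset HTTP/1.1" 303 - "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:14 +0500] "GET //components/com_xijc/assets/images/icon-refresh.png HTTP/1.1" 200 1442 "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:48 +0500] "POST /index.php?option=com_user&task=confirmreset HTTP/1.1" 303 - "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:49 +0500] "GET /index.php?option=com_user&view=reset&layout=confirm HTTP/1.1" 200 6286 "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:15:56 +0500] "POST /index.php?option=com_user&task=confirmreset HTTP/1.1" 303 - "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:17:25 +0500] "GET /administrator HTTP/1.1" 404 - "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:18:01 +0500] "GET /administrator/index.php HTTP/1.1" 404 - "-" "Firefox/3.6.3"
1.x.x.x - - [19/Nov/2010:08:24:35 +0500] "POST /index.php HTTP/1.1" 303 - "http://mysite.com/" "Firefox/3.6.3"
"""

# Apache combined format: client, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

RESET_TASKS = ("requestreset", "confirmreset")  # task names as seen in the log


def classify(method, target):
    """Map one request to an event label (hypothetical names), or None for noise."""
    # Split by hand: a target such as "//components/..." would be misread
    # as a host name by urllib's URL splitter.
    path, _, query = target.partition("?")
    params = {k: v[0] for k, v in parse_qs(query).items()}
    if path == "/administrator" or path.startswith("/administrator/"):
        return "admin_probe"
    if params.get("option") == "com_user":
        if method == "POST" and params.get("task") in RESET_TASKS:
            return params["task"]
        if params.get("view") == "reset":
            return "reset_view:" + params.get("layout", "default")
    # A POST with no query string: the action is in the body, which the
    # access log does not record, so it can only be flagged for follow-up.
    if method == "POST" and path == "/index.php" and not query:
        return "bare_post"
    return None


def timeline(log_text):
    """Return {client: [(datetime, label, status), ...]} sorted by time."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        label = classify(m["method"], m["target"])
        if label is None:
            continue  # static assets, crawlers, ordinary page views
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip[m["ip"]].append((ts, label, int(m["status"])))
    for events in per_ip.values():
        events.sort(key=lambda e: e[0])
    return dict(per_ip)


def reset_findings(log_text, window_s=600):
    """Summarise clients that submitted a reset confirmation.

    For each such client: how many reset requests and confirmations were
    POSTed, and which admin probes or bare POSTs followed the first
    confirmation within window_s seconds (the window is an assumption).
    """
    findings = {}
    for ip, events in timeline(log_text).items():
        confirms = [e for e in events if e[1] == "confirmreset"]
        if not confirms:
            continue
        first = confirms[0][0]
        followups = [
            (ts.isoformat(), label, status)
            for ts, label, status in events
            if label in ("admin_probe", "bare_post")
            and 0 <= (ts - first).total_seconds() <= window_s
        ]
        findings[ip] = {
            "requestreset": sum(1 for e in events if e[1] == "requestreset"),
            "confirmreset": len(confirms),
            "first_confirm": first.isoformat(),
            "followups": followups,
        }
    return findings


if __name__ == "__main__":
    for ip, info in reset_findings(SAMPLE_LOG).items():
        print(ip, info)
```

The access log shows only that a confirmation was POSTed and what the client requested next; the submitted token is in the request body, so confirming what was sent needs the database state or request-body logging.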

