
Security Question - Log showing "GET /images/thumb/1/10/....."



Log usage shows access to my MediaWiki site using many random "GET /images/thumb/1/10/..." requests, with the only previous entry for this IP being

 "GET /index.php?title=Special:ListFiles&offset=20170312163138"

I cannot understand these entries and failed to reconstruct/recreate them by normal access or through the command line.

Could this be an "attack" on the site or someone using some other "sophisticated" tool?

There is no access to my images through Forced Browsing.

Also, the images are randomly selected with the full name of the image.

Can anyone please offer me some explanation?



There are no security issues here, and this is not an attack. Special:ListFiles is a special page on the wiki that lists all uploaded images, and from there you can obtain the full path to the image thumbnail.

This could either be some sort of crawler bot, or a person interested in the images on your site. They could be on a dynamic IP, which explains the lack of previous hits, or they could have known somehow that your site is a MediaWiki instance and therefore that Special:ListFiles exists (as it exists on every MediaWiki installation).

Regardless, nothing to worry about.


Thanks for the reply 

ListFiles exists as a SpecialPage, but when using ListFile&offset=20170312163138 you receive "You have requested an invalid special page." Static IP.

Also, at Special:ListFiles, choosing an image gives the actual jpg and not a /images/thumb/1/10, 5/59, 4/49, 1/13, e/ea, etc.

These are all completely random directory entries and a choice of single entry (jpg) in the specific directory

The IP is a static IP address with closed "Microsoft" ports found such as smtp, netbios-ssn, msrpc, snmp, microsoft-ds - found domain open in latest scan

I don't understand much about bots, but I see some search engine bots/robots reading what is allowed from my robots.txt file - this is different.
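
Added example, not part of the original thread: with MediaWiki's default hashed upload layout, the two directories in a thumbnail URL are the first one and first two hex digits of the MD5 of the file name, so log entries like these can be checked against the file names and against an earlier Special:ListFiles request from the same IP. The log format, sample lines, IP addresses, file names and the 120px width are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import unquote

# MediaWiki's default hashed upload layout: directories are the first one and
# first two hex digits of md5(file name with spaces as underscores).
def hash_dirs(name):
    digest = hashlib.md5(name.replace(" ", "_").encode("utf-8")).hexdigest()
    return f"{digest[0]}/{digest[:2]}"

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+)')
THUMB = re.compile(r"^/images/thumb/([0-9a-f])/([0-9a-f]{2})/([^/]+)/\d+px-")

def triage(log_lines):
    """Per IP: ListFiles seen before any thumbnail, and do the dirs match md5?"""
    report = {}
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a GET line in the assumed log format
        ip, path = m.groups()
        entry = report.setdefault(
            ip, {"listfiles_first": False, "consistent": 0, "mismatched": 0})
        if "Special:ListFiles" in unquote(path):
            if entry["consistent"] + entry["mismatched"] == 0:
                entry["listfiles_first"] = True
            continue
        t = THUMB.match(path)
        if t:
            ok = hash_dirs(unquote(t.group(3))) == f"{t.group(1)}/{t.group(2)}"
            entry["consistent" if ok else "mismatched"] += 1
    return report

def sample_line(ip, path):
    return f'{ip} - - [12/Mar/2017:17:02:11 +0000] "GET {path} HTTP/1.1" 200 5120'

def thumb_url(name, width=120):
    return f"/images/thumb/{hash_dirs(name)}/{name}/{width}px-{name}"

# Constructed sample: one client walks the file list, another guesses a path.
SAMPLE = [
    sample_line("192.0.2.10", "/index.php?title=Special:ListFiles&offset=20170312163138"),
    sample_line("192.0.2.10", thumb_url("Castle.jpg")),
    sample_line("192.0.2.10", thumb_url("Old_mill.jpg")),
    # "1/20" can never be valid: the second directory must start with the first.
    sample_line("198.51.100.7", "/images/thumb/1/20/Castle.jpg/120px-Castle.jpg"),
]

print(triage(SAMPLE))
```

An IP whose thumbnail requests are all consistent and follow a Special:ListFiles hit is fetching paths it read from the file list; mismatched directories indicate paths that were guessed rather than read from the wiki.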
