
How to find which plugin is creating a problem

    • mjkahngr

    Posted 9 years 10 months ago
    • We have two different sites on two different servers on two different networks with the same problem. While the two sites are run from two different servers in two different facilities, both are using Sucuri.net's CloudProxy/Firewall service on the same Proxy server.

      My website URL is: kmiinvestigations.com
      - My Joomla version number is J-3.3.4
      - My Rockettheme template version number is: Chapelco v1.0
      Proxy server IP address: 192.124.249.9

      My website URL is: willeychamberlain.com
      - My Joomla version number is J-3.3.1
      - My Rockettheme template version number is: Anacron v1.0
      Proxy server IP address: 192.124.249.9


      kmiinvestigations.com has its DNS servers on Dyn.com and is hosted in our facility.

      willeychamberlain.com is using my DNS servers (but will be transferred to Dyn once this is resolved). They are hosted in another facility.

      The problem started two days ago, before we moved KMIinvestigations.com DNS to Dyn. This did not resolve the issue.


      NOW FOR THE PROBLEM!

      When you attempt to visit either site, you get this message:
      "Your IP address has recently been detected as spammer. Your computer may be infected.
      Please use one of these free antiviruses: Microsoft Safety Scanner, HouseCall TrendMicro or Malwarebytes AntiMalware. You see this message because this website takes part in Project Honeypot to fight spam.
      This message will continue to show up 8 days after the last time your IP was reported, eben after you disinfect it."

      Notice the typo at the end of the last line.

      Below are screen shots of the problem. (More information follows).

      First you get a message. If you click through it, a slightly modified version of the message (see text above) prepends itself to the top of all of the pages of your web site.





      This is what happens after you click through:






      I have several RocketTheme web sites on my server and on three different Sucuri.net Proxy servers. Only these two have this issue.

      I have been in contact with Dyn, Sucuri and Project HoneyPot. All believe it is due to a Joomla plugin. Sucuri has gone through both web sites with all of their malware removal tools and found no malware. Project HoneyPot claims that neither our "real" server IP addresses, nor the Proxy server IP address nor the domain names are listed in their database.

      The message seems to be generated by a file named httpbl.txt (which is a file name that Project HoneyPot uses). The file never existed on either server/site before July 8, 2015. If you delete the file, it is recreated the next time someone attempts to log in to the web site.

      The file also seems to control if you see just the message (blocked) or the message appears on the top of your pages (unblocked).

      Here is the content of the current file for kmiinvestigations.com:

      2015-07-10 :: 04-48-20 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 04-51-39 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 04-54-07 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36
      2015-07-10 :: 04-55-30 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 05-03-46 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0
      2015-07-10 :: 08-50-50 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 09-40-07 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 09-40-18 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 10-03-48 :: UNBLCKD 192.88.135.9 :: /index.php/kmi-blog?format=feed&type=rss :: com.apple.Safari.WebFeedParser/600.1.4 CFNetwork/711.4.6 Darwin/14.0.0
      2015-07-10 :: 10-18-03 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (compatible; MSIE 8.0; MSIE 9.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.8.36217; WOW64; en-US)
      2015-07-10 :: 10-18-03 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Googlebot/2.1; +http://www.google.com/bot.html)
      2015-07-10 :: 10-18-04 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Ipad Iphone Safari
      2015-07-10 :: 10-32-43 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 10-35-04 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 10-42-26 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Android; U; Android 2.1; en-us;) AppleWebKit/525.10 (KHTML, like Gecko)
      2015-07-10 :: 10-44-40 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Android; U; Android 2.1; en-us;) AppleWebKit/525.10 (KHTML, like Gecko)
      2015-07-10 :: 10-45-22 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Android; U; Android 2.1; en-us;) AppleWebKit/525.10 (KHTML, like Gecko)
      2015-07-10 :: 10-45-31 :: UNBLCKD 192.88.135.9 :: /index.php/kmi-blog :: Mozilla/5.0 (Android; U; Android 2.1; en-us;) AppleWebKit/525.10 (KHTML, like Gecko)
      2015-07-10 :: 10-51-20 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 11-09-45 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 11-54-25 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
      2015-07-10 :: 11-54-53 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
      2015-07-10 :: 11-54-56 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/2-uncategorised/144-getting-the-truth-by-joe-koenig-front-cover :: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
      2015-07-10 :: 11-56-50 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog/147-joe-koenig-s-book-featured-in-mlive :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDCJS)
      2015-07-10 :: 11-57-07 :: UNBLCKD 192.88.135.9 :: /index.php/kmi-blog/147-joe-koenig-s-book-featured-in-mlive :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDCJS)
      2015-07-10 :: 11-59-53 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDCJS)
      2015-07-10 :: 12-57-01 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
      2015-07-10 :: 12-57-51 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
      2015-07-10 :: 13-11-13 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog/157-book-review-by-pi-magazine :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog/155-poker-players-this-book-is-for-you :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 13-12-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog/155-poker-players-this-book-is-for-you :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 14-24-26 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143
      2015-07-10 :: 14-24-29 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 14-24-48 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 15-44-59 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0
      2015-07-10 :: 15-45-09 :: BLOCKED 192.88.135.9 :: :: :: :: / :: NerdyBot
      2015-07-10 :: 15-46-01 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0
      2015-07-10 :: 16-55-33 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70 [FBAN/FBIOS;FBAV/34.0.0.36.265;FBBV/12376726;FBDV/iPhone7,2;FBMD/iPhone;FBSN/iPhone OS;FBSV/8.3;FBSS/2; FBCR/Sprint;FBID/phone;FBLC/en_US;FBOP/5]
      2015-07-10 :: 16-55-58 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70 [FBAN/FBIOS;FBAV/34.0.0.36.265;FBBV/12376726;FBDV/iPhone7,2;FBMD/iPhone;FBSN/iPhone OS;FBSV/8.3;FBSS/2; FBCR/Sprint;FBID/phone;FBLC/en_US;FBOP/5]
      2015-07-10 :: 16-56-03 :: UNBLCKD 192.88.135.9 :: /index.php/kmi-blog :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70 [FBAN/FBIOS;FBAV/34.0.0.36.265;FBBV/12376726;FBDV/iPhone7,2;FBMD/iPhone;FBSN/iPhone OS;FBSV/8.3;FBSS/2; FBCR/Sprint;FBID/phone;FBLC/en_US;FBOP/5]
      2015-07-10 :: 17-14-35 :: BLOCKED 192.88.135.9 :: :: :: :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-14-48 :: BLOCKED 192.88.135.9 :: :: :: :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-15-29 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-15-37 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-15-37 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-15-52 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_plugins :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-21 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config&view=component&component=com_plugins&path=&return=aHR0cDovL2ttaWludmVzdGlnYXRpb25zLmNvbS9hZG1pbmlzdHJhdG9yL2luZGV4LnBocD9vcHRpb249Y29tX3BsdWdpbnM%3D :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-33 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-34 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_plugins :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-36 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config&view=component&component=com_plugins&path=&return=aHR0cDovL2ttaWludmVzdGlnYXRpb25zLmNvbS9hZG1pbmlzdHJhdG9yL2luZGV4LnBocD9vcHRpb249Y29tX3BsdWdpbnM%3D :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-47 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-48 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_plugins :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-16-51 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config&view=component&component=com_plugins&path=&return=aHR0cDovL2ttaWludmVzdGlnYXRpb25zLmNvbS9hZG1pbmlzdHJhdG9yL2luZGV4LnBocD9vcHRpb249Y29tX3BsdWdpbnM%3D :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-18-07 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config&view=component&component=com_jce :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-48-13 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 17-49-02 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_login&task=logout&e0c9155aa0e00b4582404e554bbf4b6d=1 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-49-03 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 17-49-07 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 18-08-45 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 18-10-46 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 18-12-04 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 18-12-31 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 18-12-34 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 18-13-06 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 18-19-00 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
      2015-07-10 :: 18-24-01 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      2015-07-10 :: 18-24-25 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
      2015-07-10 :: 18-28-28 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)
      2015-07-10 :: 19-06-11 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 19-06-15 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 19-20-14 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A405 Safari/600.1.4
      2015-07-10 :: 19-36-31 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 19-43-01 :: UNBLCKD 192.88.135.9 :: / :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 20-07-57 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
      2015-07-10 :: 20-23-53 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Linux; Android 4.4.4; XT1080 Build/SU6-7.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
      2015-07-10 :: 20-23-53 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (Linux; Android 4.4.4; XT1080 Build/SU6-7.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
      2015-07-10 :: 20-59-47 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 20-59-52 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 20-59-55 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 20-59-56 :: UNBLCKD 192.88.135.9 :: /administrator/index.php :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-00-00 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_modules :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-04-05 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_templates :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-04-20 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=template.edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-04-21 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&view=template&layout=edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-04-25 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=ajax&format=raw&template=rt_chapelco :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-05-00 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&layout=edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-05-00 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_templates&view=styles :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-05-04 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=template.edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-05-04 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&view=template&layout=edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-05-06 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=ajax&format=raw&template=rt_chapelco :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-08-24 :: BLOCKED 192.88.135.9 :: :: :: :: /index.php/kmi-blog :: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      2015-07-10 :: 21-14-25 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/43.0.2357.61 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 21-18-12 :: BLOCKED 192.88.135.9 :: :: :: :: / :: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/43.0.2357.61 Mobile/12H143 Safari/600.1.4
      2015-07-10 :: 21-18-25 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&layout=edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-18-26 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_templates&view=styles :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-18-32 :: UNBLCKD 192.88.135.9 :: /administrator/ :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-19-03 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_config :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-21-00 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_templates :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-21-08 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=template.edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-21-08 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&view=template&layout=edit&id=7 :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
      2015-07-10 :: 21-21-10 :: UNBLCKD 192.88.135.9 :: /administrator/index.php?option=com_gantry&task=ajax&format=raw&template=rt_chapelco :: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3



      Notice that all IP addresses are of the Proxy server. Yet the message says "Your IP address has recently been detected as spammer. Your computer may be infected...."


      In addition to RocketTheme templates installed by RocketLauncher we use the ALFContact component for forms on ALL of our Joomla sites. These are the only two with an issue.

      We ran lsof against the httpbl.txt file to see what might be creating it. We had no results.

      Again, Sucuri support, Dyn support and Project HoneyPot (which we don't use) support all believe this to be a Joomla plugin issue.

      How do we detect the source of this problem?

      Thank you in advance.
    • Mitch
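
Added example, not part of the original post: a shell/awk summary of an httpbl.txt-style log in the format quoted above, counting verdicts and the distinct addresses they were keyed on. The sample lines are constructed and use the documentation address 203.0.113.10; a count of one distinct address across many different browsers means the check is judging the connecting peer, which behind a reverse proxy is the proxy itself.

```shell
#!/bin/sh
# Summarise an httpbl.txt-style log.
# Whitespace-split fields: $1 date, $3 time, $5 verdict, $6 address.
summarize_httpbl() {
    awk '
        $5 == "BLOCKED" || $5 == "UNBLCKD" {
            verdict[$5]++
            # Count each address once, however many requests it made.
            if (!($6 in seen)) { seen[$6] = 1; ips++ }
            # Well-known crawlers that were blocked (matched on the UA text).
            if ($5 == "BLOCKED" && $0 ~ /Googlebot|LinkedInBot/) crawlers++
        }
        END {
            printf "distinct_ips=%d blocked=%d unblocked=%d blocked_crawlers=%d\n",
                   ips, verdict["BLOCKED"], verdict["UNBLCKD"], crawlers
        }
    ' "$1"
}

# Constructed sample input in the same layout as the log in the post.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2015-07-10 :: 04-48-20 :: UNBLCKD 203.0.113.10 :: / :: Mozilla/5.0 (Macintosh) Safari/600.6.3
2015-07-10 :: 04-51-39 :: BLOCKED 203.0.113.10 :: :: :: :: /index.php/blog :: LinkedInBot/1.0 (compatible; Mozilla/5.0)
2015-07-10 :: 10-18-03 :: BLOCKED 203.0.113.10 :: :: :: :: / :: Googlebot/2.1; +http://www.google.com/bot.html)
2015-07-10 :: 17-14-35 :: BLOCKED 203.0.113.10 :: :: :: :: /administrator/index.php :: Mozilla/5.0 (Macintosh) Safari/600.6.3
2015-07-10 :: 17-15-29 :: UNBLCKD 203.0.113.10 :: /administrator/index.php :: Mozilla/5.0 (Macintosh) Safari/600.6.3
EOF

summarize_httpbl "$sample_log"
```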
    • David Goode

    Re: How to find which plugin is creating a problem

    Posted 9 years 10 months ago
    • Hi Mitch,

      First link gave me geo block...

      Block details
      Your IP: Loading...
      URL: kmiinvestigations.com/
      Your Browser: Loading...
      Block ID: GEO02
      Block reason: Access from your Country was disabled by the site administrator.
      Time: Loading...
      Server ID: cp13009

      Second link gave block you described.

      Do you have Akeeba AdminTools installed as they also use Honeypot settings and I was wondering if there was a conflict?
    • mjkahngr

    Re: How to find which plugin is creating a problem

    Posted 9 years 10 months ago
    • David,

      Thank you for your reply.

      We are not currently using any Akeeba products. We did try them on a couple of sites on our server, but had trouble making them work without easing up on our security functions, so they were removed over a year ago.

      We deleted the offending files on the two sites many times and they were recreated. Finally after nearly 50 hours, following the last delete, they were not recreated. Everything has been stable for about 48 hours. We continue to monitor closely, but are concerned about how and why these were created in the first place and why they stopped regenerating.

      I would still like to know how to find plugins that are creating files, if there is a way to diagnose it.

      Thanks again.

      Mitch
    • Mitch
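
Added example, not part of the thread: one way to trace a reappearing file such as httpbl.txt back to the Joomla extension that references it, and to list PHP files changed after the date the file first appeared. It assumes the standard Joomla 3 directory layout; the plugin name "examplebl", the sample tree and its timestamps are constructed for the demonstration.

```shell
#!/bin/sh
# Map every PHP file under webroot $1 that mentions the string $2 to the
# extension directory that owns it (plugins/<group>/<name>, components/com_*,
# modules/mod_*, templates/<name>, libraries/<name>; also under administrator/).
find_extension_refs() {
    ( cd "$1" || exit 1
      find . -type f -name '*.php' -exec grep -lF -- "$2" {} + 2>/dev/null ) |
    sed -e 's|^\./||' -e 's|^administrator/||' |
    awk -F/ '
        $1 == "plugins" && NF >= 4 { print $1 "/" $2 "/" $3; next }
        $1 ~ /^(components|modules|templates|libraries)$/ && NF >= 3 {
            print $1 "/" $2; next
        }
        { print "loose-file:" $0 }   # PHP outside any extension directory
    ' | sort -u
}

# PHP files under webroot $1 modified after the mtime of reference file $2.
# $2 must be an absolute path because the search runs from inside $1.
recent_php_changes() {
    ( cd "$1" || exit 1
      find . -type f -name '*.php' -newer "$2" ) | sed 's|^\./||' | sort
}

# --- constructed sample tree (hypothetical plugin "examplebl") ---
demo_root=$(mktemp -d)
mkdir -p "$demo_root/site/plugins/system/examplebl" \
         "$demo_root/site/components/com_content"
printf '%s\n' '<?php file_put_contents(JPATH_ROOT . "/httpbl.txt", $line, FILE_APPEND);' \
    > "$demo_root/site/plugins/system/examplebl/examplebl.php"
printf '%s\n' '<?php // article component, writes no log' \
    > "$demo_root/site/components/com_content/content.php"

# Reference timestamp: the day before the file was first seen (constructed).
touch -t 201507010000 "$demo_root/site/components/com_content/content.php"
touch -t 201507070000 "$demo_root/ref"
touch -t 201507080900 "$demo_root/site/plugins/system/examplebl/examplebl.php"

find_extension_refs "$demo_root/site" 'httpbl.txt'
recent_php_changes "$demo_root/site" "$demo_root/ref"
```

A literal string search misses file names that are assembled at run time or stored in the database, which is why the modification-time listing is worth running alongside it. lsof only reports files that are open at the moment it runs, so a write that opens, appends and closes within one request will normally not show up.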
