Community mailing list archives

Re: Seems Odoo just got hacked

Jared Kipe
- 09/24/2015 13:31:09
I seriously doubt they were actually 'hacked'.
This is a very 'spray and pray' kind of scripting attack.

Most of them were 404 (which is expected)
The 200's with "GET / HTTP/1.0" would have probably just been served the home page.  They probably had invalid HTTP headers or something in there you can't see in the logs.

You could block most of this through some pretty generic rules in your reverse proxy or WAF.

Unless new users were created, this is pretty typical of any 'public' HTTP server (that is addressable through an internet address [i.e. not requiring a VPN or local subnet]).


On Sep 24, 2015, at 10:25 AM, David Arnold <> wrote:

Hi All

A client's odoo seems to just got hacked:

please find attached log files for your prudent analysis>



Post to: