• zogar

    (@zogar)


    In my paggination list.

    The normal pagination link:
    /page/56/
    has change to:
    /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

    I test with Pagenavi and with Pagenumber, the problem is the same.
    When I clear the caché it’s return to normally.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter zogar

    (@zogar)

    I’m having problems with the hacking of my list of pagination.
    The normal link would be /page/56/
    But is: /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
    I triet to replace a pugglin of pagination wp-pagenavi to pagenumber and the problem is still there.
    The problem apparently only happens when WP-cache is being active and the only solution that I found is clear my caché. After a few hours, I have the problem again with the links being infected.

    It looks like someone was trying to brute force a remote file inclusion trick on your pagination. /etc/passwd is your unix password file. It’s encrypted, but the passwords can be cracked if they are common enough.

    https://en.wikipedia.org/wiki/Remote_File_Inclusion

    However, it wouldn’t make sense for WordPress to directly feed this variable into the command line, so I don’t think the culprits were successful. If anything, the thing you should watch out for there is SQL injection.

    https://en.wikipedia.org/wiki/SQL_injection

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘I’m under attack’ is closed to new replies.