• I just launched a website and every now and then we get a visitor that is identified by the Wassup plugin as “probably hack attempt”.

    In the site visit detail we see a bunch of hits to the same 404 message looking for an image. Like this:
    # 09:25:09 ->[404] /wp-content/uploads/cache/3089_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3399_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3400_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3401_NpAdvFeaThumb.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3490_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3506_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3553_NpAdvInnerSmall.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3586_NpAdvSideFea.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3593_NpAdvSideFea.jpg
    # 09:25:09 ->[404] /wp-content/uploads/cache/3605_NpAdvSideFea.jpg

    Also, most often the visitor will visit this link:
    18:54:02 ->/xmlrpc.php?rsd

    Most of the time the Apache web service httpd seems to lock up.

    What type of attack is this? Any recommendations to thwart it?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    If they’re all coming from the same IP, block the IP.

    Sounds like a brute force sort of hack attempt.

    Thread Starter n152sm

    (@n152sm)

    Multiple IP addresses, multiple operating systems, multiple browsers.

    This site is very controversial and some who oppose free speech would like it silenced – that is for sure.

    What can I do on my WordPress or my server (besides blocking the addresses as they come in) to keep this from happening?

    Do you know what put the cache folder in your uploads directory and what it is for?

  • The topic ‘Am I getting hacked?’ is closed to new replies.
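
A triage aid for the log pattern in this thread, as an added example that is not part of any post: it groups 404s by client and second in an Apache combined-format access log and checks whether each burst shares one Referer, which separates a page loading missing images from a client requesting paths on its own. The log lines, IP addresses, dates and the `triage` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: client, timestamp, request line, status, size, referer, user agent
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, example.com); not from the poster's server.
SAMPLE = """\
203.0.113.7 - - [01/Jan/2014:09:25:09 +0000] "GET /wp-content/uploads/cache/3089_NpAdvInnerSmall.jpg HTTP/1.1" 404 512 "http://example.com/" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2014:09:25:09 +0000] "GET /wp-content/uploads/cache/3399_NpAdvInnerSmall.jpg HTTP/1.1" 404 512 "http://example.com/" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2014:09:25:09 +0000] "GET /wp-content/uploads/cache/3401_NpAdvFeaThumb.jpg HTTP/1.1" 404 512 "http://example.com/" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2014:09:25:10 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 200 800 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2014:09:30:00 +0000] "GET /wp-content/uploads/cache/3586_NpAdvSideFea.jpg HTTP/1.1" 404 512 "-" "-"
198.51.100.9 - - [01/Jan/2014:09:30:00 +0000] "GET /wp-content/uploads/cache/3593_NpAdvSideFea.jpg HTTP/1.1" 404 512 "-" "-"
198.51.100.9 - - [01/Jan/2014:09:30:00 +0000] "GET /wp-content/uploads/cache/3605_NpAdvSideFea.jpg HTTP/1.1" 404 512 "-" "-"
192.0.2.4 - - [01/Jan/2014:09:31:00 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

def triage(log_text, burst=3):
    """Report per-client, per-second 404 bursts and whether one page referred them all."""
    groups = defaultdict(list)   # (ip, timestamp) -> list of 404 matches
    xmlrpc = defaultdict(int)    # ip -> number of xmlrpc.php requests
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # skip lines that are not in combined format
        if m["path"].startswith("/xmlrpc.php"):
            xmlrpc[m["ip"]] += 1
        if m["status"] == "404":
            groups[(m["ip"], m["ts"])].append(m)
    findings = []
    for (ip, ts), hits in sorted(groups.items()):
        if len(hits) < burst:
            continue
        referers = {h["referer"] for h in hits}
        # One shared, non-empty Referer: a single page asked for all the missing
        # files, so the links in that page are broken. Anything else needs a closer look.
        shared = len(referers) == 1 and not referers & {"-", ""}
        findings.append({"ip": ip, "ts": ts, "count": len(hits),
                         "verdict": "broken-page-links" if shared else "needs-review",
                         "xmlrpc_hits": xmlrpc[ip]})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```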