• gregor3001

    (@gregor3001)


    Hello,

    I had 6 attempts blocked. Scans revealed nothing strange.

    United States Kansas City, United States left https://mydomian.com/wp-admin/admin-ajax.php and was blocked by firewall.

    or
    United States Kansas City, United States left https://mydomian.com/uploadify/uploadify.php?folder=/ and was blocked by firewall for Malicious File Upload (PHP) at https://mydomian.com/uploadify/uploadify.php?folder=%2F

    Since all attempts came from the same IP, I blocked it.

    I now also enabled “Disable Code Execution for Uploads directory”.

    What I am wondering is: how could they attempt to upload it? What does this message even mean? Did they just run some script to upload the file and it didn’t work? I mean, many of these folders mentioned in the attack are not visible to the internet.

    I am just trying to figure out what exactly happened here and what this message means.

    • This topic was modified 8 years ago by gregor3001.
Viewing 1 replies (of 1 total)
  • Hello,
    These kinds of attacks come from bots, which are programs written by hackers that target a large number of websites looking for vulnerabilities, so they keep scanning websites for vulnerabilities even if you don’t have this directory/file (uploadify.php here, for example). They are just looking for any website with this vulnerability to exploit. I suggest reading more about bots and how they are used in attacking websites in “How to Protect Yourself from WordPress Security Issues & Threats”.

    Thanks.

  • The topic ‘Arbitrary File Upload’ is closed to new replies.
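
Added example, not part of the original thread: a small log triage script that shows how to confirm the pattern described in the reply, where one IP requests PHP paths (such as `uploadify/uploadify.php`) that the site never had. The log lines, IP addresses, the 403 status for firewall-blocked requests and the `EXISTING_PHP` set are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format). The addresses are
# documentation ranges, not values from the thread. Assumption: the firewall
# answers blocked requests with 403.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2017:04:11:02 +0000] "POST /uploadify/uploadify.php?folder=/ HTTP/1.1" 403 512 "-" "-"
203.0.113.7 - - [12/Mar/2017:04:11:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 512 "-" "-"
203.0.113.7 - - [12/Mar/2017:04:11:05 +0000] "GET /uploadify/uploadify.php HTTP/1.1" 404 230 "-" "-"
198.51.100.20 - - [12/Mar/2017:09:30:41 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2017:09:30:55 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"
"""

# Assumption: PHP entry points that really exist on this site.
EXISTING_PHP = {"/wp-login.php", "/wp-admin/admin-ajax.php", "/index.php"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize(log_text, existing=EXISTING_PHP):
    """Group requests by client IP and count blocked requests and blind probes."""
    stats = defaultdict(lambda: {"requests": 0, "blocked": 0, "missing_php": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["target"].split("?", 1)[0]  # drop the query string
        entry = stats[m["ip"]]
        entry["requests"] += 1
        if m["status"] == "403":
            entry["blocked"] += 1
        # A request for a PHP file the site never had is a scanner guessing paths.
        if path.endswith(".php") and path not in existing:
            entry["missing_php"].add(path)
    return dict(stats)

def blind_scanners(stats):
    """IPs that requested at least one PHP path that does not exist on the site."""
    return sorted(ip for ip, s in stats.items() if s["missing_php"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in blind_scanners(result):
        s = result[ip]
        print(ip, s["requests"], "requests,", s["blocked"], "blocked,", sorted(s["missing_php"]))
```

An IP that shows up in `blind_scanners` was guessing at paths rather than reacting to anything actually present on the site.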