Can any one let me know how to protect these?

  • chaithanyakrishnapati

    (@chaithanyakrishnapati)


    9 years, 1 month ago

    Some one trying to access these

    /admin/database.sql
    /admin/dump.sql
    /admin/backup.sql
    /admin/db.sql
    /database.sql
    /dump.sql
    /db.sql
    /backup/db.sql
    /backup/dump.sql
    /backup.sql
    /backup/database.sql
    /backup/backup.sql
    /admin/backup/db.sql
    /admin/backup/database.sql
    /admin/backup/backup.sql
    /admin/backup/dump.sql
    /dump/bigdump/bigdump.php
    /admin/dump/bigdump.php
    /backup/bigdump.php
    /backup/bigdump/bigdump.php
    /admin/db.sql
    /admin/backup.sql
    /db.sql
    /backup.sql
    /backup/db.sql
    /backup/database.sql
    /backup/backup.sql
    /backup/dump.sql
    /admin/backup/database.sql
    /admin/backup/db.sql
    /admin/backup/dump.sql
    /dump/bigdump/bigdump.php
    /backup/bigdump/bigdump.php
    /backup/bigdump.php
    /admin/dump/bigdump.php
    /admin/bigdump.php
    /bigdump/bigdump.php

    I just checked these and some one is trying to access these. can any one tell me how to protect these from cpanel?

Viewing 15 replies - 1 through 15 (of 20 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Does a database actually exist in those directories? Or is that just a random call by a stupid bot?

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    Andrew it was from different IPs

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I _think_ these are random calls by a blind robot and a database does not exist at any of those URLs

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    I have ithemes security and also anti-malware scanner by ELI and i scanned my site and nothing suspicious. But after checking those in newstatpress visitors i wanted to know more about it. Is it some kind of hack? If yes then how to protect my site from these attacks? I googled about it and didn’t found any articles relevant to it so posted here

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    But you’re going off the assumption that a database is at the end of the URLs (above) and that you need to protect that database.

    Does a database exist there? First you need to answer that.

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    How to check that andrew whether the database is there or not? I am new to WordPress and i didn’t know much about sql and php. Can you guide me with some relevant articles? I protected my wp-includes by uploading blank html file and i added some code to protect my .htaccess.

    How to check my database exists there or not? I am sorry to say that i don’t have knowledge in php and sql but i will try my level best to answer it.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    The only directories WordPress has by default, at the root level, are:

    • /wp-admin/
    • /wp-content/
    • /wp-includes/

    So WordPress does not actually have the directories that the robot has tried to reach, nor a database in those directories.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I cannot guide you because I am giving you the argument that the directories don’t actually exist. Just because a robot tried to access it doesn’t mean it exists.

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    so is it safe ? Google webmasters shows everything okay and there is no threat detected by anti-malware by eli. So every thing okay now?

    Can you tell me how to protect my SQL and PHP in my cpanel?

    Thanks

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Yes I know that WordPress takes security very seriously and the latest version of WordPress is safe, but there are other precautions that you could make: https://codex.www.ads-software.com/Hardening_WordPress

    You probably want to look at this section: https://codex.www.ads-software.com/Hardening_WordPress#Database_Security

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    It can also be the job of your Hosting Providers to make your database secure, so it might be worth talking to them about your concerns too.

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    No i think some one trying to hack

    /FCKeditor/editor/filemanager/connectors/aspx/connector.aspx

    /FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx

    /FCKeditor/editor/filemanager/connectors/php/connector.php

    /FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    /eqqlk30758.txt
    /plus/mytag_js.php
    a=config&source=d7.2_x2.0
    a=config&source=d7.2_x2.0
    a=config&source=d7.2_x2.0
    a=config&source=d7.2_x2.0

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    i password protected my public_html now but the problem is when i try to run antimalware scan by eli it shows 0% always. Any kind of help is appreciated.
    Thanks

    Thread Starter chaithanyakrishnapati

    (@chaithanyakrishnapati)

    Sorry for this i removed my public_html from password protection because it asks to login. So one of my friend told me that i should password protect WP admin but this article shows that there will be a problem if you password protect that folder.

    https://www.wordfence.com/blog/2014/05/please-stop-password-protecting-your-wp-admin-folder-because-it-breaks-public-ajax-for-wordpress/

Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘Can any one let me know how to protect these?’ is closed to new replies.