Does WordPress make requests like these?

  • Resolved albarosa

    (@albarosa)


    3 weeks, 4 days ago

    Hello,

    I would like to know if WordPress makes the following types of requests:

    2024-10-28 03:58:45 403 6.9.xxx.90 GET /url(data:text/css;base64,Kjpub3QoaW5wdXQpOm5vdCh0ZXh0YXJlYSk6OnNlbGVjdGlvbiB7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50ICFpbXBvcnRhbnQ7CiAgICAgICAgICAgIGNvbG9yOiBpbmhlcml0ICFpbXBvcnRhbnQ7CiAgICAgICAgfQoKICAgICAgICAqOm5vdChpbnB1dCk6bm90KHRleHRhcmVhKTo6LW1vei1zZWxlY3Rpb24gewogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiB0cmFuc3BhcmVudCAhaW1wb3J0YW50OwogICAgICAgICAgIC HTTP/1.1

    or

    2024-10-28 03:58:45 403 6.9.xxx.90 GET /url(data:text/css;base64,Kjpub3QoaW5wdXQpOm5vdCh0ZXh0YXJlYSk6OnNlbGVjdGlvbiB7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50ICFpbXBvcnRhbnQ7CiAgICAgICAgICAgIGNvbG9yOiBpbmhlcml0ICFpbXBvcnRhbnQ7CiAgICAgICAgfQoKICAgICAgICAqOm5vdChpbnB1d HTTP/1.1

    Recently, I have been receiving an increasing number of such requests on my WordPress website, and I suspect they may be attempts at code injection. However, since I am not an expert in this area, I would like to know from you whether it is possible for WordPress to make such types of requests.

    Thank you for your response,

    Albarosa

    • This topic was modified 3 weeks, 4 days ago by albarosa. Reason: resolved
    • This topic was modified 3 weeks, 4 days ago by albarosa.
Viewing 2 replies - 1 through 2 (of 2 total)

  • This does seem suspicious; WordPress itself does not generate URLs like this. In a secure WordPress setup, you shouldn’t see these kinds of requests being made from core functionalities or most legitimate plugins or themes.

    Thread Starter albarosa

    (@albarosa)

    @4thhubbard

    Okay, thank you very much for clarification.

    Best regards

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.