IP blocked for malicious file upload

  • Resolved jgold723

    (@jgold723)


    4 years ago

    Reviewing the regular WordPress activity report I see IP addresses that are being blocked with message like this:

    “Blocked for a Malicious File Upload in file: upload=core2.php”

    (The actual file name varies)

    Does this mean that a file upload was actually attempted? How? None of my sites have any kind of forward-facing option for uploading files, so I’m wondering if the attacks are coming via FTP and that I have an FTP issue?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jgold723 thanks for reaching out!

    The “Malicious File Upload” message references a file upload that was prevented, and the IP was blocked from accessing your site. As file uploading is a core function of WordPress, it is not difficult for a potential attacker to know the file upload script URL relative to your site’s domain name to attempt an upload, hoping for the route in to be unprotected. Having said that, many attempts such as this don’t check for the presence of WordPress beforehand and are just hoping for the best due to its popularity.

    The unsanitized file that was blocked here may have contained malicious code with the intention of being executed, then allowing an attacker a way into your site. The block message is just letting you know Wordfence is doing its job.

    https://www.wordfence.com/help/firewall/#what-it-protects-against can give you some more information if you would like to read about it.

    Naturally, we always recommend on top of Wordfence that you have strong passwords set for your admin accounts and 2FA enabled too where possible.

    I hope that helps you out!

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘IP blocked for malicious file upload’ is closed to new replies.