Possible attack on our website

  • Resolved cirilio

    (@cirilio)


    6 years ago

    Hi Support,

    We just received an email from you and it seems that someone is trying to get into our website. Please enlighten us if this report is a positive attack or not. Thank you!

    ##############################################################################

    Wordfence activity from
    February 4, 2019 to February 11, 2019
    This email was sent from your website https://www.patent.net.ph and is a summary of security related activity that Wordfence monitors for the period February 4, 2019 to February 11, 2019. NOTE: You are using the free version of Wordfence and are missing out on features like cellphone sign-in, country blocking and detecting if your site IP is sending spam. Click here to upgrade to Wordfence Premium now.

    Top 10 IPs Blocked
    IP Country Block Count
    185.206.225.30 NO 4
    185.253.97.235 NO 2
    Update Blocked IPs

    Top 10 Countries Blocked
    Country Total IPs Blocked Block Count
    NO 2 3
    Update Blocked Countries

    Top 10 Failed Logins
    Username Login Attempts Existing User
    No failed logins yet.
    Update Login Security Options

    Recently Blocked Attacks
    Time IP / Action
    No blocked attacks yet.
    View Recent Traffic

    Recently Modified Files
    Modified File
    February 11, 2019 4:04pm
    wp-includes/wp-tmp.php
    February 11, 2019 8:18am
    wp-content/updraft/log.fec3602e1f9b.txt
    February 10, 2019 9:04am
    wp-content/updraft/log.e98a44bcb86b.txt
    February 9, 2019 9:35am
    wp-content/updraft/log.0b1af0a9fbb0.txt
    February 8, 2019 8:56am
    wp-content/updraft/log.461c266ca6a7.txt
    February 7, 2019 9:06am
    wp-content/updraft/log.f49c0ccd9282.txt
    February 6, 2019 1:07pm
    wp-content/plugins/wordfence/vendor/maxmind-db/reader/src/MaxMind/Db/Reader.php
    February 6, 2019 1:07pm
    wp-content/plugins/wordfence/vendor/maxmind/web-service-common/src/WebService/Http/CurlRequest.php
    February 6, 2019 1:07pm
    wp-content/plugins/wordfence/vendor/maxmind/web-service-common/src/Exception/IpAddressNotFoundException.php
    February 6, 2019 1:07pm
    wp-content/plugins/wordfence/vendor/maxmind/web-service-common/src/Exception/PermissionRequiredException.php
    This list may include WordPress core/plugin/theme updates, error logs, cache files, and other normal changes.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • iframe

    (@iframe)

    I checked those files on my site.
    1. I don’t have wp-includes/wp-tmp.php but I run version 5.0.3, you run version 4.9.8
    2. I don’t know what’s wp-content/updraft/ probably you got some plugin with a similar name, check what it is up to.
    3. Wordfence files are shown on your list have been modified on my site recently as well.

    Bottom line, as long as you are concerned about your site’s integrity and security, running a vulnerable version 4.9.8 doesn’t make sense.
    The latest patched version for 4.9.x branch is 4.9.9

    Thread Starter cirilio

    (@cirilio)

    UpDraft is basically a backup tool for WordPress. And by the way, I am running 5.0.3 so I don’t know how you find the 4.9.8

    Anyway, I just re-installed it just to make sure. And it still shows 5.0.3

    iframe

    (@iframe)

    I used Sucuri, it shows you got 4.9.8
    I don’t have that file in your wp-includes folder.

    Thread Starter cirilio

    (@cirilio)

    Hmmm, that’s weird right? I always update my wordpress and other plugins regularly. I don’t know why this happens.

    Also, I used this site https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner#

    And the result also shows I’m using 4.9.8

    Really weird huh.

    wfdave

    (@wfdave)

    Hi @cirilio,

    Can you open /wp-includes/version.php?
    It should list your current version as $wp_version = *****;

    The logs look like they are from your site. The report is simply a summary of changed files, it doesn’t look like anyone is trying to get into your site.

    The changed files are log files generated by UpDraft. You can choose to ignore the changes in this folder by doing this:

    1. Go to Wordfence -> Scan -> Scan Options and Scheduling
    2. Scroll down until you find Advanced Scan Options
    3. Put wp-content/updraft/* in Exclude files...

    For example: https://i.imgur.com/6DNKmgF.png

    Dave

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Possible attack on our website’ is closed to new replies.