Samshed by these requests

  • Resolved Jaso

    (@subwebsites)


    4 years, 2 months ago

    Hi,

    I change the URL here as no-one needs to see my real doamin

    Last few months been getting smashed by these in the Logs contantly, can you help me understand these plz?

    10/Sep/20 03:23:40 #1205818 CRITICAL – 192.95.30.137 POST /index.php – Blocked file upload attempt – [xxx.php (1,316 bytes)] – mail.mysite.com

    10/Sep/20 03:24:07 #8986544 CRITICAL – 192.95.30.137 POST /index.php – Blocked file upload attempt – [x.php (1,326 bytes)] – mail.mysite.com

    13/Sep/20 22:12:00 #3296802 HIGH 310 185.17.182.118 GET /wp-admin/setup-config.php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/setup-config.php] – mysite.com

    14/Sep/20 08:00:35 #3556326 CRITICAL 1429 52.142.55.0 GET /index.php – WP backdoor plugin – [SERVER:REQUEST_URI = /wp-content/plugins/ioptimization/IOptimize.php?rchk] – mysite.com

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    -1 & 2: They tried to upload PHP scripts, but they failed.
    -3: They checked if the blog is installed or if the WP install hasn’t been completed yet so that they could create their own install of WP.
    -4 They check if you have a rogue plugin named “ioptimization”. It was very much used by hackers several months ago.

    Nothing to worry about. They just tried they luck, but they failed and were kicked out by the firewall.

    Not on your plug in but my firewall picks this up as well.

    more annoying than anything else should keep a list of these plug ins to avoid tho.

    ioptimization sounds like it cant find the plug in to report it tho

    Plugin Author nintechnet

    (@nintechnet)

    “ioptimization” is a backdoor uploaded by hackers that looks like a plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Samshed by these requests’ is closed to new replies.