• Resolved barnez

    (@pidengmor)


    Hi,

    A site I run with Ninja Firewall suddenly 404’d all pages except the homepage yesterday. I traced the issue to a blank .htaccess file in the root, which had a timestamp of 05:30 11/02/2015. I checked the site files through the File Check feature of Ninja Firewall (an excellent feature btw), and no other files had been altered. I then restored the original .htaccess file from a backup and the site returned to normal functionality, while scans with Sucuri and Wordfence revealed no issues. There was no record of any Ninja Firewall rules being triggered in the log, but when I checked the server logs for this minute I see the following GET / POST requests listed from two IP addresses that can be found on IP blacklists and appear to be targeting the fckeditor. Could this be an exploit of a Linux vulnerability, as the WordPress site does not have any such editor installed as a plugin, unless it is embedded with the Breakout Theme used on the site?

    217.12.204.117 - - [11/Feb/2015:05:30:21 +0000] "GET /editor1//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 840 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:21 +0000] "GET /manage/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:21 +0000] "GET /Fckeditornew//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 845 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:21 +0000] "GET /editor1//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 842 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /manage/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 851 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /js/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 845 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /Fckeditornew//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 847 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /js/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 847 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /system/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /system/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 851 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:23 +0000] "GET /scripts/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 850 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:23 +0000] "GET /scripts/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 852 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /sysadmin/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 851 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /sysadmin/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 853 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 842 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 844 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /admin/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 848 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /common/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /admin/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 850 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /common/fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 851 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /Fckeditornew//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /sysadmin/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:23 +0000] "GET /scripts/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /editor1//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /js/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /system/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /Fckeditornew//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 845 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /scripts/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 850 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /sysadmin/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 851 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /editor1//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 840 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /js/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 845 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:22 +0000] "GET /manage/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /system/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /Fckeditornew//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 861 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /sysadmin/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 867 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /scripts/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 866 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /editor1//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 856 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /manage/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /js/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 861 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /system/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 865 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /Fckeditornew//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 863 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /scripts/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 868 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /sysadmin/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 869 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /editor1//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 858 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /js/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 863 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /manage/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 865 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /system/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 867 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /manage/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 867 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:24 +0000] "GET /fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:29 +0000] "GET /fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 842 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:29 +0000] "GET /fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 858 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:29 +0000] "GET /fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 860 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /admin/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:32 +0000] "GET /admin/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 848 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:32 +0000] "GET /admin/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 864 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:25 +0000] "GET /common/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:32 +0000] "GET /admin/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 866 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:32 +0000] "GET /common/fckeditor//editor/filemanager/connectors/jsp/connector.jsp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 849 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:33 +0000] "GET /common/fckeditor//editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 865 "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:33 +0000] "GET /common/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 867 "-" "-"
    84.18.207.60 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2409739494323730468750 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2392899990081787109375 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2418279647827148437500 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2384641170501708984375 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2401230335235595703125 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:27 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2457580566406250000000 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:27 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.2453429698944091796875 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:30:27 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.9602839946746826171875 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /scripts/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /system/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /sysadmin/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /editor1//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /Fckeditornew//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /js/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:28 +0000] "GET /manage/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    84.18.207.60 - - [11/Feb/2015:05:30:30 +0000] "POST /wp-cron.php?doing_wp_cron=1423632630.4943230152130126953125 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    217.12.204.117 - - [11/Feb/2015:05:30:29 +0000] "GET /fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:32 +0000] "GET /admin/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    217.12.204.117 - - [11/Feb/2015:05:30:33 +0000] "GET /common/fckeditor//editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
    84.18.207.60 - - [11/Feb/2015:05:30:30 +0000] "POST /wp-cron.php?doing_wp_cron=1423632630.7320539951324462890625 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    84.18.207.60 - - [11/Feb/2015:05:51:47 +0000] "POST /wp-cron.php?doing_wp_cron=1423633907.0240681171417236328125 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://www.proofscience.com"
    36.72.4.83 - - [11/Feb/2015:05:51:46 +0000] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "-"
    5.255.253.13 - - [11/Feb/2015:05:58:03 +0000] "GET / HTTP/1.1" 403 495 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +https://yandex.com/bots)"

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter barnez

    (@pidengmor)

    I’ve just searched the theme directory and there are no fckeditor files, so I imagine that this rules out a theme vulnerability.

    Thread Starter barnez

    (@pidengmor)

    Make that one suspicious IP. The POST requests are from my own server for cron jobs so it is only the POST requests that are suspicious and potentially related to the .htaccess issue.

    Plugin Author nintechnet

    (@nintechnet)

    Hi,

    This is an attempt to exploit an old FCKeditor vulnerability (mostly on Joomla websites).

    Do you have a security plugin that writes to the .htaccess?
    There are quite a lot of HTTP requests, and such plugins could truncate/corrupt the .htaccess because of too many attempts to write to it.

    You can also check your FTP logs, just in case.

    Thread Starter barnez

    (@pidengmor)

    Hi,

    Many thanks for the quick reply, and confirmation of the exploit target.

    As well as Ninja Firewall, I have the Wordfence security plugin enabled, which writes to the .htaccess file. The Wordfence firewall and login security are disabled to avoid any conflict, and I only use the plugin for security scans; however, as this is the only plugin that writes to the file, it could be the reason. Also, the most recent modification to the FTP logs was two days before the issue, so there has been no unauthorised access there.

    I’ll keep an eye on things for the next few weeks, and at times like these NF’s File Guard and File Check are excellent features to add an additional layer of monitoring.

    Thanks again for a superb plugin.

    I'm getting similar attacks on this WordPress site https://www.stevesdesigns.co.uk/. It's in the web design niche, which is very competitive, and it gets some sort of attempted hack daily. The rankings have also fallen away on g00gle. Is it possible someone could be adding code to the server or theme which is affecting the rankings in some way?

    Plugin Author nintechnet

    (@nintechnet)

    If you are using NinjaFirewall, enable the File Guard and File Check features; they will detect changes (File Check) and accesses (File Guard) to new or modified files.
    Also keep an eye on the firewall log.

    You can use fail2ban to block it.
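
The triage the thread walks through (pull the access-log entries around the .htaccess modification time, separate the FCKeditor connector probes from everything else, and check whether any probe was actually answered) can be scripted. This is an added example, not code from the thread or from NinjaFirewall; the sample log lines are constructed in the same format as the log above, using documentation-range IP addresses and a placeholder site URL, and the function names, the 120-second window and the three-probe threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<agent>[^"]*)"$'
)
# FCKeditor file-manager connector probe, covering the connector types seen in the log.
PROBE_RE = re.compile(r'/editor/filemanager/(?:browser/default/)?connectors/'
                      r'(?:asp|aspx|php|jsp)/connector\.\w+\?Command=', re.I)

def parse(line):
    """Parse one access-log line; return None if it is not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def triage(lines, mtime, window_s=120, min_probes=3):
    """Summarise the requests logged within window_s seconds of a file's mtime."""
    lo, hi = mtime - timedelta(seconds=window_s), mtime + timedelta(seconds=window_s)
    probes = defaultdict(Counter)  # ip -> status codes returned for connector probes
    other = []                     # non-probe requests in the window, for manual review
    for rec in filter(None, map(parse, lines)):
        if not lo <= rec["time"] <= hi:
            continue
        if PROBE_RE.search(rec["path"]):
            probes[rec["ip"]][rec["status"]] += 1
        else:
            other.append((rec["ip"], rec["method"], rec["path"].split("?")[0], rec["status"]))
    scanners = {ip: dict(c) for ip, c in probes.items() if sum(c.values()) >= min_probes}
    # A 2xx on a probe means a connector answered; 403/301/404 mean nothing was there.
    answered = {ip for ip, c in probes.items() if any(200 <= s < 300 for s in c)}
    return {"scanners": scanners, "answered": answered, "other": other}

# Constructed sample lines (not the thread's log); 05:51 entry falls outside the window.
SAMPLE = """
203.0.113.7 - - [11/Feb/2015:05:30:21 +0000] "GET /editor1//editor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 840 "-" "-"
203.0.113.7 - - [11/Feb/2015:05:30:22 +0000] "GET /js/fckeditor//editor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 301 - "-" "-"
203.0.113.7 - - [11/Feb/2015:05:30:28 +0000] "GET /admin/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F HTTP/1.1" 403 866 "-" "-"
198.51.100.20 - - [11/Feb/2015:05:30:26 +0000] "POST /wp-cron.php?doing_wp_cron=1423632626.24 HTTP/1.0" 200 20 "-" "WordPress/4.1; https://example.test"
192.0.2.44 - - [11/Feb/2015:05:51:46 +0000] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "-"
"""
MTIME = datetime(2015, 2, 11, 5, 30, tzinfo=timezone.utc)  # .htaccess timestamp from the thread

if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines(), MTIME).items():
        print(key, value)
```

An empty `answered` set together with only 403/301 statuses for the scanner matches the plugin author's reading that the probes did not reach an installed editor, which leaves the `other` list and the FTP logs as the places to look for whatever wrote to .htaccess.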

  • The topic ‘Strange attack where htaccess file was emptied of code’ is closed to new replies.