SUHOSIN messing with WordPress
-
Suhosin messing with WordPress installation as well as posting, creating pages etc.
Posting the contents of /var/log/messages
Jan 30 12:14:24 vps22 suhosin[25052]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'data[wp_autosave][content]' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/admin-ajax.php')
Jan 30 12:14:24 vps22 suhosin[25052]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'data[wp_autosave][excerpt]' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/admin-ajax.php')
Jan 30 12:14:24 vps22 suhosin[25052]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'data[wp_autosave][catslist]' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/admin-ajax.php')
Jan 30 12:14:24 vps22 suhosin[25052]: ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/admin-ajax.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'auto_draft' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'wp-preview' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'hidden_post_password' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'post_password' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'parent_id' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'metakeyinput' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'metavalue' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'post_name' (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:39 vps22 suhosin[25064]: ALERT - dropped 8 request variables - (0 in GET, 8 in POST, 0 in COOKIE) (attacker 'ip.address.hidden', file '/home/username/public_html/wp-admin/post.php')
Jan 30 12:14:49 vps22 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 30 12:14:49 vps22 pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__*************************** is now logged in
Jan 30 12:14:49 vps22 pure-ftpd: (__cpanel__service__auth__ftpd__***************************@127.0.0.1) [INFO] Logout.
The problem is only with latest version of WordPress, messages are similar to the null byte attack.
- The topic ‘SUHOSIN messing with WordPress’ is closed to new replies.