Unusual "GET" call

  • I have a person that is an author on one of the sites I manage. Every time she logs in, the site gets compromized/hacked. I’m fairly certain that her MAC is the problem.

    I spoke with my host and they ran a log file scan on her IP. This is what they found:

    108.?.?.? – – [15/Apr/2016:06:20:35 -0700] “GET /wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui-position,jque&load%5B%5D=ry-ui-dialog,wpdialogs,hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,jquery-ui-sortable,postbox,quicktags,&load%5B%5D=jquery-query,admin-comments,svg-painter,heartbeat,wp-auth-check,jquery-ui-slider,jquery-touch-punch,iris,wp-color-picker,undersc&load%5B%5D=ore,shortcode,backbone,wp-util,wp-backbone,media-models,wp-plupload,mediaelement,wp-mediaelement,media-views,media-editor,media-&load%5B%5D=audiovideo,mce-view,imgareaselect,image-edit,thickbox,wplink&ver=f7d0c97e4c0f46bfc147f911d40f3ad6 HTTP/1.1” 200 152659 “https://www.???.com/wp-admin/edit-comments.php” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36”

    I would like to help her clean up her computer but don’t have any idea where to start. I mostly work on PCs.

Viewing 1 replies (of 1 total)
  • Moderator Marius L. J.

    (@clorith)

    Hi,

    Nothing here is any indication of foul play, this is a normal call for JavaScript files and nothing to worry about.

    If you do suspect a system is infected it’s much better to have that talk with the individual using the hardware and have them run a virus scan or similar.

    Also make sure everyone is using strong passwords (the #1 cause of any intrusion is a weak password).

Viewing 1 replies (of 1 total)
  • The topic ‘Unusual "GET" call’ is closed to new replies.