upload via admin-ajax.php

  • Resolved tfolkman

    (@tfolkman)


    9 years, 10 months ago

    Hello,

    I have file uploads enabled in my firewall. I also allow access to /wp-admin/admin-ajax.php. I have noticed lines like this in my log:

    14/Jan/15 01:41:21  #4566617  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [revslider.zip, 826 bytes]
14/Jan/15 01:41:21  #6518151  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [showbiz.zip, 818 bytes]
14/Jan/15 07:52:24  #4595559  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [revslider.zip, 826 bytes]
14/Jan/15 07:52:24  #2158008  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [showbiz.zip, 818 bytes]

    In my access.log, I see:

    31.186.174.155 - - [14/Jan/2015:01:41:20 -0500] "GET //index.php HTTP/1.1" 301 492 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:01:41:21 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:01:41:21 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:01:41:22 -0500] "PUT /nyet.gif HTTP/1.1" 404 12096 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)"
31.186.174.155 - - [14/Jan/2015:01:41:23 -0500] "GET /nyet.gif HTTP/1.1" 404 12118 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
31.186.174.155 - - [14/Jan/2015:07:52:23 -0500] "GET //index.php HTTP/1.1" 301 492 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:07:52:23 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:07:52:24 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
31.186.174.155 - - [14/Jan/2015:07:52:25 -0500] "PUT /nyet.gif HTTP/1.1" 404 11998 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)"
31.186.174.155 - - [14/Jan/2015:07:52:26 -0500] "GET /nyet.gif HTTP/1.1" 404 12020 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"

    However, I cannot find these .zip or .gif files anywhere on my site, and anyway, I don’t allow my apache user write access (except to my /wp-content/cache and /wp-content/uploads folders).

    Thoughts? Is this worrisome?

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘upload via admin-ajax.php’ is closed to new replies.

Tags