WordPress.org

1. GCD1
   Member
   Posted 3 years ago #

   I was looking at the raw access logs for my web site and saw an IP address that is not mine, in fact from searching it is a Chinese IP associated with hacking attempts (58.241.255.38), that accessed my WP Admin interface and various other pages.

   I see from the logs he was apparently looking for user IDs or something?

   /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=

   /index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM

   /wp-content/plugins/fgallery/fim_rss.php?album=-1+union+select+1,0x6875616B,3,4,5,6,7/*

   I've also noticed odd traffic originating from a .ru domain, so I'm wondering if my blog wasn't posted as a "Hey everyone go try to hack this site!" deal.

   I've changed my admin password and banned the offending IP, but I don't know what else to do. Anyone have any suggestions? Thanks.

2. figaro
   Member
   Posted 3 years ago #

   but I don't know what else to do. Anyone have any suggestions? Thanks.

   Just get comfortable with it...it's not personal...it's just what hackers and spamers do. I get dozens of spam comments from .ru domains everyday as well as dozens of attempts to log into my server. Just set good passwords, keep your code (server and blog) updated, use a good spam filter (askimet is good) and don't lose any sleep over it.

3. Shane G
   Member
   Posted 3 years ago #

   Hi,

   Please check with security of your blog..

   1) Check permissions and set 644 recursive to your blog
   2) upgrade your blog to the latest version
   3) Use strong password for your blog
   4) Use only third party plugin/script which are compatible with your blog..
   5) DO NOT USE any vulnarable script into your blog..

   Thanks,

   Shane G.

Topic Closed

This topic has been closed to new replies.