WordPress.org

Ready to get started?Download WordPress

Forums

I'm under attack (3 posts)

  1. zogar
    Member
    Posted 4 years ago #

    In my paggination list.

    The normal pagination link:
    /page/56/
    has change to:
    /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

    I test with Pagenavi and with Pagenumber, the problem is the same.
    When I clear the caché it's return to normally.

  2. zogar
    Member
    Posted 4 years ago #

    I'm having problems with the hacking of my list of pagination.
    The normal link would be /page/56/
    But is: /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
    I triet to replace a pugglin of pagination wp-pagenavi to pagenumber and the problem is still there.
    The problem apparently only happens when WP-cache is being active and the only solution that I found is clear my caché. After a few hours, I have the problem again with the links being infected.

  3. tbuley
    Member
    Posted 4 years ago #

    It looks like someone was trying to brute force a remote file inclusion trick on your pagination. /etc/passwd is your unix password file. It's encrypted, but the passwords can be cracked if they are common enough.

    http://en.wikipedia.org/wiki/Remote_File_Inclusion

    However, it wouldn't make sense for WordPress to directly feed this variable into the command line, so I don't think the culprits were successful. If anything, the thing you should watch out for there is SQL injection.

    http://en.wikipedia.org/wiki/SQL_injection

Topic Closed

This topic has been closed to new replies.

About this Topic