WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: AJAXed WordPress] Possible attack? (3 posts)

  1. Triptol
    Member
    Posted 5 years ago #

    I am using the fantastic post-logger plugin to see what is happening on my blog.

    This morning I found about 20 of the following entries in the log file (the p = is changing all the time):

    p = %hmI1^RXxzn2uG3
    path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
    87.126.31.177
    /index.php
    May 13, 2008, 3:22 am
    --------------**********------------------
    
    p = T89%Q7cE$YCoqIR
    path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
    87.126.31.177
    /index.php
    May 13, 2008, 3:23 am
    --------------**********------------------

    It somehow looks like an attack attempt, but I can't completely figure out what they are trying to do.

    Anyone any ideas?

  2. Aaron Harun
    Member
    Posted 5 years ago #

    I don't know why they would be attacking that file. Nothing happens in it if WordPress isn't loaded.

    None of the files in the modules directory initiate any behaviour without being called by WordPress or AWP. Just going to any of the files is going to throw an add_action or register_activation_hook function not found.

    Just make sure that no one had access to your server to upload any files into it. (Specifically, make sure the file .accusin is not present because I can guarantee it isn't part of AWP if it exists.)

  3. Triptol
    Member
    Posted 5 years ago #

    Thanks for the reply. I already checked that the .accusin file is not there.

    What I think happened is the following. I got hit by the following issue. What I found is that as a result of that hack files got uploaded to (among others) the livepreview directory.

    Probably "they" were checking if "they" could still access those files.

Topic Closed

This topic has been closed to new replies.

About this Topic