spartyjoe
Member
Posted 3 months ago #
Hello,
I'm using WordPress Firewall 2 and it reported the following:
WordPress Firewall has detected and blocked a potential attack!
Web Page:
wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php
Warning: URL may contain dangerous content!
Offending IP:
178.137.166.209 [ Get IP location ]
Offending Parameter:
$_FILE = index.bak.php
This may be a "Executable File Upload Attack."
I'm also using NextGEN Gallery v1.9.2, but not 1-flash-gallery plugin. Any ideas as how to start tracking down the root cause?
kendawes
Member
Posted 3 months ago #
Hi Joe,
What Firewall 2 is reporting is that the attack was trying to exploit a (possible) vulnerability in 1-flash-gallery.
If you had that plugin and didn't have Firewall 2, you might have a problem!
Think of the WordPress attackers as having a really big keychain with lots and lots of keys that they keep trying on your door. They keep trying different keys in the hope that *one* of them will fit. Firewall 2 just lets you know that their key didn't work....
Ken
kendawes
Member
Posted 3 months ago #
