• Resolved nam1962

    (@nam1962)


    Hi !
    I see this in my journal :

    05/Mar/17 10:58:15  #1530596  critical     -  74.91.17.178     POST /index.php - BASE64-encoded injection - [POST:z0 = QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApOyRucGF0aD0kX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddLkJhU0U2NF9kRWNPZEUoJF9HRVRbJ3o0J10pO2Z1bm...] - mysite.fr
    05/Mar/17 11:03:20  #3938141  upload       -  74.91.17.178     POST /index.php - File upload detected, no action taken - [07ljFs.php (255 bytes)] - mysite.fr
    05/Mar/17 11:03:30  #1151233  upload       -  74.91.17.178     POST /wp-admin/admin-ajax.php - File upload detected, no action taken - [07ljFs.php (255 bytes)] - mysite.fr
    05/Mar/17 11:03:37  #5034688  upload       -  74.91.17.178     POST /index.php - File upload detected, no action taken - [07ljFs.php (255 bytes)] - mysite.fr

    (the first line was attempted like 50 times)
    Should I care ?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    You are safe, the firewall blocked them. The Base64 encoded string is an attempt to inject a shell script.

    Thread Starter nam1962

    (@nam1962)

    Thank you !

    Indeed, its this quote : File upload detected, no action taken that was puzzling me 😉

    Plugin Author nintechnet

    (@nintechnet)

    It means that you allowed uploads (NinjaFirewall > Firewall Policies > Uploads).
    Someone tried to upload a file and the firewall just warned you about it. It didn’t block the request because you asked it not to block it.
    But that does not mean the file was uploaded. See also: https://wordpress.org/support/topic/were-these-files-blocked/

    Thread Starter nam1962

    (@nam1962)

    Yes, I had to allow uploads : it’s a forum, members need to upload images from time to time.
    Reading your links, I get (part of) the complexity of the upload process management ^^
    Is it possible to amend .htninja to restrict uploads to images & pdf ?

    Plugin Author nintechnet

    (@nintechnet)

    You can add any code to the .htninja and basically do whatever you want.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Am I attacked ?’ is closed to new replies.