Critical attack

  • Resolved eddyferns

    (@eddyferns)


    9 years, 8 months ago

    I have received the below attack in the firewall log under critical:

    Rule 1369 POST /index.php – WP: Download Manager remote command execution – [POST:execute = wp_insert_user]

    Was the attack successful or a failure?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    9 years, 8 months ago

    The firewall blocked it, so there is no need to worry about it.
    Whatever you see in the log means it was blocked, unless stated otherwise.

    Make sure you enabled the “NinjaFirewall > Updates > Check for updates hourly” option so that your rules are always up to date.

    Thread Starter eddyferns

    (@eddyferns)

    9 years, 8 months ago

    Thanks for the info.

    As the IP of the attacker is mentioned, is it then possible to exactly identify the attacker using your pro or premium version?

    Plugin Author nintechnet

    (@nintechnet)

    9 years, 8 months ago

    It would be a waste of time, I’m afraid. They use scripts/bots running from infected servers or computers, or connect over HTTP proxies. Even blocking the IP would not help much, because they will come back with another one. The most important is to reject it right away as did NinjaFirewall.

    Thread Starter eddyferns

    (@eddyferns)

    9 years, 8 months ago

    Thanks! So I’ll just let Ninja to do what it does.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Critical attack’ is closed to new replies.