Title: File upload detected Last modified: December 2, 2017 --- # File upload detected * Resolved [newwper3](https://wordpress.org/support/users/newwper3/) * (@newwper3) * [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/) * Hi, * Has my site been hacked? Because I saw the log – /wp-admin/admin-ajax.php – File upload detected, no action taken, /wp-admin/admin-ajax.php – Unrestricted file upload , OST /wp-admin/admin-post.php – File upload detected, no action taken–[ XAttacker.zip (1,560 bytes)] , /wp-admin/admin-post.php – Unrestricted file upload–[ GET:page = wysija_campaigns] * ``` CRITICAL - 23.254.164.219 POST /wp-admin/admin-ajax.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /wp-admin/admin.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /wp-admin/admin.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /wp-admin/admin.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - UPLOAD - 23.254.164.219 POST /index.php - File upload detected, no action taken - [BackDoor.jpg (854 bytes)] - CRITICAL 1411 23.254.164.219 POST /index.php - Unrestricted file upload - [REQUEST:name = css.php.jd] - UPLOAD - 23.254.164.219 POST /index.php - File upload detected, no action taken - [index.jpg (23 bytes)] - UPLOAD - 23.254.164.219 POST /wp-admin/admin-ajax.php - File upload detected, no action taken - [XAttackerevs.zip (791 bytes)] - CRITICAL 1383 23.254.164.219 GET /wp-admin/admin-ajax.php - Unrestricted file upload - [GET:client_action = get_captions_css] - CRITICAL - 23.254.164.219 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - CRITICAL - 23.254.164.219 POST /wp-admin/admin.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - UPLOAD - 23.254.164.219 POST /wp-admin/admin-post.php - File upload detected, no action taken - [XAttacker.zip (1,560 bytes)] - CRITICAL 1407 23.254.164.219 POST /wp-admin/admin-post.php - Unrestricted file upload - [GET:page = wysija_campaigns] - CRITICAL - 23.254.164.219 POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [text/plain != XAttacker.php] - ``` Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/#post-9743995) * All requests were blocked, except those ones: * ``` UPLOAD - 23.254.164.219 POST /index.php - File upload detected, no action taken - [BackDoor.jpg (854 bytes)] - UPLOAD - 23.254.164.219 POST /index.php - File upload detected, no action taken - [index.jpg (23 bytes)] - UPLOAD - 23.254.164.219 POST /wp-admin/admin-ajax.php - File upload detected, no action taken - [XAttackerevs.zip (791 bytes)] - UPLOAD - 23.254.164.219 POST /wp-admin/admin-post.php - File upload detected, no action taken - [XAttacker.zip (1,560 bytes)] - ``` * “File upload detected, no action taken” means that someone attempted to upload a file and that you have enabled file upload in the “Firewall Policies”, hence the firewall did not block it. But that does not mean the file was uploaded, see this discussion: [https://wordpress.org/support/topic/were-these-files-blocked/](https://wordpress.org/support/topic/were-these-files-blocked/) * Other attempts were blocked, because they are real threats (NinjaFirewall will always block them, even if you allow uploads). * Thread Starter [newwper3](https://wordpress.org/support/users/newwper3/) * (@newwper3) * [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/#post-9744683) * Hi, * It means my website is safe right? :O * Should I blacklist the IP 23.254.164.219 ? * Thanks * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/#post-9745390) * Your site is safe. You can blacklist the IP if you want. * Thread Starter [newwper3](https://wordpress.org/support/users/newwper3/) * (@newwper3) * [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/#post-9746968) * Thank you 🙂 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘File upload detected’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 4 replies * 2 participants * Last reply from: [newwper3](https://wordpress.org/support/users/newwper3/) * Last activity: [8 years, 6 months ago](https://wordpress.org/support/topic/file-upload-detected/#post-9746968) * Status: resolved