WordPress.org

Support

Support » Plugins and Hacks » [Plugin: AJAXed WordPress] Possible attack?

[Plugin: AJAXed WordPress] Possible attack?

  • I am using the fantastic post-logger plugin to see what is happening on my blog.

    This morning I found about 20 of the following entries in the log file (the p = is changing all the time):

    p = %hmI1^RXxzn2uG3
    path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
    87.126.31.177
    /index.php
    May 13, 2008, 3:22 am
    --------------**********------------------
    
    p = T89%Q7cE$YCoqIR
    path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
    87.126.31.177
    /index.php
    May 13, 2008, 3:23 am
    --------------**********------------------

    It somehow looks like an attack attempt, but I can’t completely figure out what they are trying to do.

    Anyone any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)
  • I don’t know why they would be attacking that file. Nothing happens in it if WordPress isn’t loaded.

    None of the files in the modules directory initiate any behaviour without being called by WordPress or AWP. Just going to any of the files is going to throw an add_action or register_activation_hook function not found.

    Just make sure that no one had access to your server to upload any files into it. (Specifically, make sure the file .accusin is not present because I can guarantee it isn’t part of AWP if it exists.)

    Thanks for the reply. I already checked that the .accusin file is not there.

    What I think happened is the following. I got hit by the following issue. What I found is that as a result of that hack files got uploaded to (among others) the livepreview directory.

    Probably “they” were checking if “they” could still access those files.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: AJAXed WordPress] Possible attack?’ is closed to new replies.
Skip to toolbar