Title: Risk Question Last modified: November 20, 2018 --- # Risk Question * Resolved [matrimthegambler](https://wordpress.org/support/users/matrimthegambler/) * (@matrimthegambler) * [7 years, 6 months ago](https://wordpress.org/support/topic/risk-question/) * my firewall log told me the following: * DATE INCIDENT LEVEL RULE IP REQUEST * 16/Nov/18 14:35:26 #6213014 HIGH 310 153.126.172.106 GET /wp-admin/setup-config. php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/setup- config.php] – bayrock.de * 16/Nov/18 15:29:58 #3780445 HIGH 310 194.30.34.181 GET /wp-admin/setup-config. php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/setup- config.php] – bayrock.de * 16/Nov/18 17:44:02 #2523487 HIGH 310 2a01:4f8:231:327::2 GET /wp-admin/setup- config.php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/ setup-config.php] – bayrock.de * 16/Nov/18 20:44:33 #7119992 HIGH 310 31.208.43.209 GET /wp-admin/setup-config. php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/setup- config.php] – bayrock.de * I’m wondering how I should treat this log? Any risk? My wordpress is protected by htaccess, firewall, 2step-veri and so on. Who tried to get sth out of the setup-config? Btw I didn’t even install but used a backup. Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [7 years, 6 months ago](https://wordpress.org/support/topic/risk-question/#post-10898534) * Nothing to worry about: this is a scanner probing for WordPress. That is a very common issue. NinjaFirewall blocks them and write the incident to the firewall log. * Thread Starter [matrimthegambler](https://wordpress.org/support/users/matrimthegambler/) * (@matrimthegambler) * [7 years, 5 months ago](https://wordpress.org/support/topic/risk-question/#post-10941033) * What happened here? waaaaaa * 01/Dec/18 02:24:52 #2270774 CRITICAL 1353 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:data = {“type”:”save_setting”,” append”:false,”option”:”users_can_register”,”value” :”1″}] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:24:53 #3633543 CRITICAL 1353 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:data = {“type”:”save_setting”,” append”:false,”option”:”default_role”,”value” :”administrator”}] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:24:54 #3750980 CRITICAL 1354 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:args = users_can_register 1] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:24:55 #8157932 CRITICAL 1354 177.53.36.67 POST /wp-admin/admin-ajax.php – Attempt to modify options table–[ POST:args = default_role administrator] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:24:56 #6075518 CRITICAL 1444 177.53.36.67 POST /wp-admin/admin-ajax. php – Privilege escalation – [SERVER:SCRIPT_NAME = /wp-admin/admin-ajax.php] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:24:58 #2085182 CRITICAL 1444 177.53.36.67 POST /wp-admin/admin-ajax.php – Privilege escalation – [SERVER: SCRIPT_NAME = /wp-admin/admin-ajax.php] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:01 #4919760 CRITICAL 1353 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:data = {“type”:”save_setting”,” append”:false,”option”:”users_can_register”,”value” :”0″}] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:02 #1698476 CRITICAL 1353 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:data = {“type”:”save_setting”,” append”:false,”option”:”default_role”,”value” :”subscriber”}] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:03 #2531760 CRITICAL 1354 177.53.36.67 POST /wp-admin/admin-ajax. php – Attempt to modify options table – [POST:args = users_can_register 01] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:04 #4495741 CRITICAL 1354 177.53.36.67 POST /wp-admin/admin-ajax.php – Attempt to modify options table–[ POST:args = default_role subscriber] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:06 #8811914 CRITICAL 1444 177.53.36.67 POST /wp-admin/admin-ajax. php – Privilege escalation – [SERVER:SCRIPT_NAME = /wp-admin/admin-ajax.php] – [http://www.bayrock.de](http://www.bayrock.de) 01/Dec/18 02:25:07 #8118017 CRITICAL 1444 177.53.36.67 POST /wp-admin/admin-ajax.php – Privilege escalation – [SERVER: SCRIPT_NAME = /wp-admin/admin-ajax.php] – [http://www.bayrock.de](http://www.bayrock.de) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [7 years, 5 months ago](https://wordpress.org/support/topic/risk-question/#post-10941274) * They are all blocked hacking attempts trying to exploit known privilege escalation vulnerabilities in the WordPress “WP GDPR Compliance” and “Social Sharing Plugin– Kiwi” plugins (available in the wordpress.org repo), as well as the “Newspaper Theme 6.7.1” theme (available at themeforest.net). * [Macho Themes](https://wordpress.org/support/users/machothemes/) * (@machothemes) * [7 years, 5 months ago](https://wordpress.org/support/topic/risk-question/#post-10941288) * [@nintechnet](https://wordpress.org/support/users/nintechnet/) – any way you’d be able to elaborate on this? How did you figure it’s coming from Kiwi as I don’t see anything in the users’ logs above. * Thread Starter [matrimthegambler](https://wordpress.org/support/users/matrimthegambler/) * (@matrimthegambler) * [7 years, 5 months ago](https://wordpress.org/support/topic/risk-question/#post-10941519) * Thank you! Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Risk Question’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 5 replies * 3 participants * Last reply from: [matrimthegambler](https://wordpress.org/support/users/matrimthegambler/) * Last activity: [7 years, 5 months ago](https://wordpress.org/support/topic/risk-question/#post-10941519) * Status: resolved