Title: upload via admin-ajax.php
Last modified: August 22, 2016

---

# upload via admin-ajax.php

 *  Resolved [tfolkman](https://wordpress.org/support/users/tfolkman/)
 * (@tfolkman)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/upload-via-admin-ajaxphp/)
 * Hello,
 * I have file uploads enabled in my firewall. I also allow access to /wp-admin/admin-ajax.php.
   I have noticed lines like this in my log:
 *     ```
       14/Jan/15 01:41:21  #4566617  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [revslider.zip, 826 bytes]
       14/Jan/15 01:41:21  #6518151  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [showbiz.zip, 818 bytes]
       14/Jan/15 07:52:24  #4595559  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [revslider.zip, 826 bytes]
       14/Jan/15 07:52:24  #2158008  upload       -  31.186.174.155   POST /wp-admin/admin-ajax.php - Allowing file upload - [showbiz.zip, 818 bytes]
       ```
   
 * In my access.log, I see:
 *     ```
       31.186.174.155 - - [14/Jan/2015:01:41:20 -0500] "GET //index.php HTTP/1.1" 301 492 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:01:41:21 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:01:41:21 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:01:41:22 -0500] "PUT /nyet.gif HTTP/1.1" 404 12096 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)"
       31.186.174.155 - - [14/Jan/2015:01:41:23 -0500] "GET /nyet.gif HTTP/1.1" 404 12118 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
       31.186.174.155 - - [14/Jan/2015:07:52:23 -0500] "GET //index.php HTTP/1.1" 301 492 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:07:52:23 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:07:52:24 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)"
       31.186.174.155 - - [14/Jan/2015:07:52:25 -0500] "PUT /nyet.gif HTTP/1.1" 404 11998 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)"
       31.186.174.155 - - [14/Jan/2015:07:52:26 -0500] "GET /nyet.gif HTTP/1.1" 404 12020 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
       ```
   
 * However, I cannot find these .zip or .gif files anywhere on my site, and anyway,
   I don’t allow my apache user write access (except to my /wp-content/cache and
   /wp-content/uploads folders).
 * Thoughts? Is this worrisome?
 * [https://wordpress.org/plugins/ninjafirewall/](https://wordpress.org/plugins/ninjafirewall/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/upload-via-admin-ajaxphp/#post-5670914)
 * Hi,
 * Please see that thread: [Understanding the file uploads rule](https://wordpress.org/support/topic/understanding-the-the-file-uploads-rule)
   
   The firewall did not block the upload attempt because you enabled uploads, then
   it forwarded it to WordPress, which discarded it. This was an attempt to exploit
   the Slider Revolution [shell upload vulnerability](http://nin.link/fd78). If
   you use that plugin, ensure you are up to date; otherwise, there is nothing to
   worry about.
 *  Thread Starter [tfolkman](https://wordpress.org/support/users/tfolkman/)
 * (@tfolkman)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/upload-via-admin-ajaxphp/#post-5670971)
 * Thanks for the pointer to the other thread!
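
The access-log pattern in this thread (a POST to admin-ajax.php followed within seconds by a PUT probe, with the User-Agent changing between requests) can be picked out of a log automatically. The following is an added example, not part of the thread or of NinjaFirewall; the 30-second burst gap, the "two or more agents" rule and the `needs_review` flag are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (Apache combined format) shaped like the thread's access.log; documentation IPs.
SAMPLE = """\
192.0.2.10 - - [14/Jan/2015:01:41:21 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [14/Jan/2015:01:41:22 -0500] "PUT /nyet.gif HTTP/1.1" 404 12096 "-" "Mozilla/5.0 (Windows; U)"
192.0.2.10 - - [14/Jan/2015:01:41:23 -0500] "GET /nyet.gif HTTP/1.1" 404 12118 "-" "Mozilla/5.0 (compatible; MSIE 9.0)"
198.51.100.7 - - [14/Jan/2015:02:00:00 -0500] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (Macintosh)"
192.0.2.10 - - [14/Jan/2015:07:52:23 -0500] "POST //wp-admin/admin-ajax.php HTTP/1.1" 200 463 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [14/Jan/2015:07:52:25 -0500] "PUT /nyet.gif HTTP/1.1" 404 11998 "-" "Mozilla/5.0 (Windows; U)"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
AJAX = "/wp-admin/admin-ajax.php"

def parse(text):
    """Yield (ip, time, method, path, status, user_agent); '//' in paths is collapsed."""
    for m in filter(None, map(LINE.match, text.splitlines())):
        ip, ts, method, path, status, ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, method, re.sub(r"/+", "/", path), int(status), ua

def bursts(records, gap):  # split one client's time-sorted records where silence exceeds gap
    groups = []
    for rec in records:
        if groups and rec[1] - groups[-1][-1][1] <= gap:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return groups

def find_probes(text, gap=timedelta(seconds=30)):
    by_ip = defaultdict(list)
    for rec in parse(text):
        by_ip[rec[0]].append(rec)
    findings = []
    for ip, recs in by_ip.items():
        for b in bursts(sorted(recs, key=lambda r: r[1]), gap):
            agents = {r[5] for r in b}
            put_paths = {r[3] for r in b if r[2] == "PUT"}
            hit_ajax = any(r[2] == "POST" and r[3] == AJAX for r in b)
            if not hit_ajax or (len(agents) < 2 and not put_paths):
                continue  # no AJAX POST, or ordinary traffic from one browser
            # A non-4xx answer on a PUT-probed path means the file may exist: review it.
            review = any(r[3] in put_paths and r[4] < 400 for r in b)
            findings.append({"ip": ip, "start": b[0][1].isoformat(), "agents": len(agents),
                             "put_paths": sorted(put_paths), "needs_review": review})
    return findings
```

A 200 on the admin-ajax.php POST does not by itself show that an upload was accepted, which is why the flag looks at the status codes on the probed path instead.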
