wp-ajax vulnerability though everything is updated

  • jonars

    (@jonars)


    4 years, 6 months ago

    Dear Forum,

    since about 8 Weeks I get injections of a new user (wordpressssadmin, yes with 4 times the S) and I see in the logs that the attack is started via wp-ajax:
    https://pastebin.com/bNq7CCFf

    Everything which is done is just to re-direct the website to some spammy website which is never the same. So my fixes are always to revert this and to delete the user. Then it is working for hours to weeks until the attack is happening again.

    See my .htaccess:
    https://paste.ubuntu.com/p/PPc7sptsx7/

    Neither Sucuri nor WP Fence or any public available pen test detect vulnerabilities or risks or old plug ins or files.

    Every Plugin is updated, WP of course as well.

    What I did right now is to place htpasswd protection in /wp-admin but this is not fixing the source so I am still very eager to understand the problem.

    Please help me with that. I am desperate.

    Best
    Jonas

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wp-ajax vulnerability though everything is updated’ is closed to new replies.