Clarification about “green” symbol in Live Traffic

  • In the Live Traffic report I noticed the following entry about someone accessing a page:
    “site-name/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php”
    Now, the link should lead nowhere (no such theme) but what confused me was that the icon was green (as opposed to red = blocked or yellow = warning). The list says green should only mean a human accessed the page but to me it seems as if the color green equals success. When I log in to the site, I also appear as a green human. How should I interpret the attempt? Was this a successful attempt (in some strange way) to access the wp-config file?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @lernerleben,

    If someone visits your page, and your website returns a 404 status code – it should show up as a yellow icon.

    For example: https://i.imgur.com/D52KCWp.png

    Can you check if the file exists? In any case, it looks like this request is trying to reveal the wp-config.php file (which contains sensitive credentials). I’d recommend blocking the IP address of this request.

    Dave

    Thread Starter lernerleben

    (@lernerleben)

    Thanks Dave

    As I wrote it showed the green human icon. It didn’t return a 404 even though the theme “MichaelCanthony”doesn’t exist and should have returned a 404. I can see that the server response was a 200.

    I did block the IP and the same IP address had tried other attempts before and after this “green” one, all of which returned 404s and yellow warning triangles. This also included an attempt to find the same theme.
    Picture here:

    View post on imgur.com

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Clarification about “green” symbol in Live Traffic’ is closed to new replies.