Is this an attack attempt ?

  • Hello

    I was this in my activity logs.
    Does anyone know more about that ?

    An unknown location at IP 127.0.0.1 was blocked by firewall for Directory Traversal in query string: Script=..%2F..%2F..%2F..%2Fcnf%2Fdb.php at https://……/etc/lib/pChart2/examples/index.php?Action=View&Script=..%2F..%2F..%2F..%2Fcnf%2Fdb.php
    05/12/2016 17:16:08 (6 minutes ago) IP: 127.0.0.1 [block] Hostname: XXXXXXXX
    Browser: Chrome version 0.0 running on Win7
    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

    Thanks ??

    • This topic was modified 7 years, 11 months ago by dorians.
Viewing 5 replies - 1 through 5 (of 5 total)

  • IP 127.0.0.1 is on at least one blacklist. Clearly an attack attempt.

    They were looking for a door to attack your site via pChar2.

    Google is your friend.

    https://www.exploit-db.com/exploits/31173/

    MTN

    Thread Starter dorians

    (@dorians)

    Oh crap im only on staging env and I already have attacks…

    Do you thing its targeted or mass ?

    Thx

    Every site on the planet gets attacked, 24/7, don’t panic, you have Wordfence. As for targeted or not, does it matter? And what would you do about it if it was targeted? MTN

    Hello dorians,
    First thing you need to know about this IP “127.0.0.1”, is that it’s your “servers’s loopback address” or localhost, and it’s part of the private addresses that must be whitlisted in Wordfence, know more about that by checking “How Wordfence handles Private Addresses“.

    So, the question is, should you see such entries coming from this IP address in “Live Traffic”? the answer is, no.

    It could be something wrong with your web host configuration (or the staging configuration to be more specific in your case), or you don’t have “How does Wordfence get IPs” option set correctly, a good way to test this option is trying to reload your website in another browser window (let’s say a Chrome incognito window), then check “Live Traffic” log and make sure your IP address is being detected correctly there, if it’s not, then you need to re-configure “How does Wordfence get IPs” option correctly depending on your server configuration.

    Thanks.

    Sorry about my inaccurate post about IP 127.0.0.1, was trying to help, in a hurry. Mea Culpa. MTN

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is this an attack attempt ?’ is closed to new replies.