• Hello,

    I am running a WordPress 4.2.2 installation on a mutualized OVH hosting with the Avada theme on its last version.

    Since two weeks, I have received about 10 times a mail from hoster telling me that their bot “Okillerd” detected an intrusion on my website.

    Problem : Executing deleted program
    Commande apparente : ././crond
    Exécutable utilisé : /homez.625/myhost/wp-content/plugins/gravityforms/.nfs00000000017a68d80000662f

    Note that the “Exécutable utilisé” line allways changes

    In order to prevent the hackers to try again, OVH blocks the whole system by changing file permissions. I then have to reset a 755 via FTP.

    Hide My WordPress plugin shows details for more than 350 hacking attempts.

    Looking at the right timecode into my hosting logs, I found this :

    109.74.6.254 URL – [11/Jun/2015:17:38:30 +0200] “POST /wp-content/plugins/revslider/js/dropdownchecklist/index.php HTTP/1.1” 200 20 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”
    109.74.6.254 URL – [11/Jun/2015:17:38:31 +0200] “POST /wp-content/plugins/fusion-core/shortcodes/class-one-fifth.php HTTP/1.1” 200 165 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”
    109.74.6.254 URL – [11/Jun/2015:17:38:31 +0200] “POST /wp-content/plugins/gravityforms/tooltips.php HTTP/1.1” 200 75 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”

    But I can’t understand what to do in order to stop the problem.

    Could anyone help me on that ?

    Thank you very much !

Viewing 2 replies - 1 through 2 (of 2 total)
  • do you have a plugin for security? try wordfence they have a ton of options for how to deal with brute force attacks as well as other security threats.

    Thread Starter Romanceor

    (@romanceor)

    Hello,
    As I told I allready have HMWP that logs the hacking attempts, but doesn’t seem to stop them…
    But I would like to understand what’s happening before to install new plugins and going into “tons of options”.
    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Multiple hacking attempts’ is closed to new replies.