Multiple hacking attempts
-
Hello,
I am running a WordPress 4.2.2 installation on a mutualized OVH hosting with the Avada theme on its last version.
Since two weeks, I have received about 10 times a mail from hoster telling me that their bot “Okillerd” detected an intrusion on my website.
Problem : Executing deleted program
Commande apparente : ././crond
Exécutable utilisé : /homez.625/myhost/wp-content/plugins/gravityforms/.nfs00000000017a68d80000662fNote that the “Exécutable utilisé” line allways changes
In order to prevent the hackers to try again, OVH blocks the whole system by changing file permissions. I then have to reset a 755 via FTP.
Hide My WordPress plugin shows details for more than 350 hacking attempts.
Looking at the right timecode into my hosting logs, I found this :
109.74.6.254 URL – [11/Jun/2015:17:38:30 +0200] “POST /wp-content/plugins/revslider/js/dropdownchecklist/index.php HTTP/1.1” 200 20 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”
109.74.6.254 URL – [11/Jun/2015:17:38:31 +0200] “POST /wp-content/plugins/fusion-core/shortcodes/class-one-fifth.php HTTP/1.1” 200 165 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”
109.74.6.254 URL – [11/Jun/2015:17:38:31 +0200] “POST /wp-content/plugins/gravityforms/tooltips.php HTTP/1.1” 200 75 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”But I can’t understand what to do in order to stop the problem.
Could anyone help me on that ?
Thank you very much !
- The topic ‘Multiple hacking attempts’ is closed to new replies.