Odd page visit. Is it from Wordfence?

  • Resolved justwander

    (@justwander)


    6 years, 9 months ago

    Hello,

    In reviewing page visits for my site I came upon this in the listing. I have no idea what I am looking at. Is it a concern? Is it from Wordfence?

    https://Websitename.com/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhb

    • This topic was modified 6 years, 9 months ago by justwander.
Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi@justwander,

    This indeed seems to be an attempt to exploit a vulnerability.

    Can you confirm you’re on a Windows platform?

    Thread Starter justwander

    (@justwander)

    Yes. I am running an old operating system that I use only for my website and artwork. Web searching is done an a Mac.

    Thread Starter justwander

    (@justwander)

    I forgot to mention, I found this on WP Statistics, on the visited page listing.

    Hi @justwander,

    Apologies for the delayed update.

    This exploit is trying to write to the configuration file “webconfig.txt.php“.

    In order to figure out whether or not your site is at risk, I suggest you check with your hosting provider to make sure the “webconfig.txt.php” file has correct permissions and can not be edited by public visitors.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Odd page visit. Is it from Wordfence?’ is closed to new replies.