Schwachstelle in Plugin

Hallo zusammen,

mit dem Plugin wurde ein Hacker-Angriff durchgeführt, siehe Logfile:

x.x.x.x - - [01/Jan/1970:08:48:04 +0200] "GET /xxx/wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:06 +0200] "POST /xxx/wp-admin/admin-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:08 +0200] "POST /xxx/wp-admin/admin-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:10 +0200] "GET /xxx/wp-login.php?action=register HTTP/1.1" 200 4393 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:10 +0200] "POST /xxx/wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:22 +0200] "GET /xxx/wp-login.php?checkemail=registered HTTP/1.1" 200 4740 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:29 +0200] "GET /xxx/wp-login.php?action=rp&key=jeVdPaWXw8ZdlMz5g0an&login=violet1939 HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:31 +0200] "GET /xxx/wp-login.php?action=rp HTTP/1.1" 200 7358 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:32 +0200] "POST /xxx/wp-login.php?action=resetpass HTTP/1.1" 200 1916 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:41 +0200] "POST /xxx/wp-admin/admin-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:42 +0200] "POST /xxx/wp-admin/admin-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:44 +0200] "POST /xxx/wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:52 +0200] "GET /xxx/wp-admin/ HTTP/1.1" 200 138811 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:56 +0200] "GET /xxx/wp-admin/plugin-editor.php HTTP/1.1" 200 207999 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:58 +0200] "GET /xxx/wp-admin/plugin-editor.php?plugin=bst-dsgvo-cookie/bst.php HTTP/1.1" 200 139312 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:48:59 +0200] "GET /xxx/wp-admin/plugin-editor.php?plugin=bst-dsgvo-cookie/bst.php&file=bst-dsgvo-cookie/includes/enqueue.php HTTP/1.1" 200 128570 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
x.x.x.x - - [01/Jan/1970:08:49:01 +0200] "GET /xxx/wp-admin/plugin-editor.php?plugin=bst-dsgvo-cookie/bst.php&file=bst-dsgvo-cookie/includes/enqueue.php HTTP/1.1" 200 128570 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"

Bei einem anderen Plugin gab es im November 2018 ein ?hnliches Problem. Vielleicht wird die gleiche Schwachstelle ausgenutzt, siehe Link:

VG
Loewenherz

• This topic was modified 5 years, 7 months ago by loewenherz76.
• This topic was modified 5 years, 7 months ago by loewenherz76.
• This topic was modified 5 years, 7 months ago by loewenherz76.
• This topic was modified 5 years, 7 months ago by Jan Dembowski.

The page I need help with: [log in to see the link]