Site was hacked and found this
-
Hello Community,
i found today that my wordpress site was hacked. Wordfence is running.
What i foudn was:
load.php was changed and there was a .aaaaa.css file /sodium/src
The time the files where changed i find this in access log:
85.214.41.226 – – [08/Jun/2024:00:18:49 +0000] “POST /?qLDzA=pMU HTTP/1.1″ 200 58980 “https://xxxxxxx” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.183” 1240 63620
209.61.197.16 – – [08/Jun/2024:00:19:01 +0000] “POST /wp-content/plugins/shortpixel-image-optimiser/res/img/bulk/style.php HTTP/1.0” 200 121 “https://amazon1.org/” “Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1” 9969 3914
207.180.204.122 – – [08/Jun/2024:00:19:02 +0000] “POST /?Dawk=dHI HTTP/1.1″ 200 103 “https://xxxxxxxx/” “Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1” 1248 4046
146.255.83.74 – – [08/Jun/2024:00:19:03 +0000] “POST /?vRRIU=QRNI HTTP/1.1″ 200 56 “https://xxxxx/” “Mozilla/5.0 (iPhone; CPU iPhone OS 15_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Mobile/15E148 Safari/604.1” 24284 3998
- You must be logged in to reply to this topic.
