Unclear action – possible intrusion ?
-
Recently Ninja firewall logged many SQL injection events as well as a code injection (… ?php echo “EmperorsTools”;? …) on my site and from what I understand all those events have been block. However, a few days later log showed an event of a file upload.
POST /wp-admin/admin-ajax.php – File upload detected, no action taken – [RxRznxqz.ph$p (409 bytes)]
Since it states “no action taken” I am now confused if the file is uploaded to my server or not ?
I have already tried to search for the file from the cPanel (no results) as well as using the file search plugin from the WP (no results as well). I have also scanned my site using Ninja scanner and it did not found anything suspicious that I could relate to this file.
As a side note, a day later some errors has been recorded in admin error log related to some SQL double entries of an plugin and after getting in touch with the plugin author it seems they are not related with this file. Besides, within blocked SQL injections there were lines that were aiming few other installed plugins as well.
Since I am not techy with all these advanced things I am really afraid if my site is compromised.
Running latest WP on PHP 7.4.33 (namecheap hosting) served over cloudflare. Having installed Sucuri security as well as Ninja WF plus additional hardenings I have found online. All plugins and themes are regularly updated. Besides, I am also using IQ block country and Limit login attempts plugins next to all mentioned as additional hardenings.
Kindly looking for your thoughts.
- The topic ‘Unclear action – possible intrusion ?’ is closed to new replies.