WordPress security issue – upload webscript
-
Hello,
We have a www.remarpro.com website hosted into a KVM. We noticed that we suffer regularly from unauthorized uploads of scrip exploits (copied below), that use the WordPress files admin-post.php and admin-ajax.php to upload those scripts.
I deleted the exploit files from the server. I set (again) the WordPress folders to 755 and files to 644. I wonder if there is anything you can do to avoid those WordPress files to be used to upload exploits into a server.
Looking forward to your reply,
Rgs
IM
Web referer URL :
Local IP : xxx
Web upload script user : nobody (99)
Web upload script owner: xxxxxx (1001)
Web upload script path : /home/xxxxxx/public_html/wp-admin/admin-ajax.php
Web upload script URL : https://xxxxxxx/wp-admin/admin-ajax.php
Remote IP : 205.185.123.173 FrantechSolutions
Deleted : No
Quarantined : No———– SCAN REPORT ———–
TimeStamp:
(/usr/sbin/cxs –nobayes –cgi –defapache nobody –doptions Mv –exploitscan –nofallback –filemax 10000 –noforce –html –mail root –options mMOLfSGchexdnwZDRru –qoptions Mv –quiet –sizemax 1000000 –smtp –ssl –summary –sversionscan –timemax 30 –nounofficial –novirusscan /tmp/20180917-015445-W59BpduidjdfatuYgCKlMwAAABg-file-2LHfFB)‘/tmp/20180917-015445-W59BpduidjdfatuYgCKlMwAAABg-file-2LHfFB’
Known exploit = [Fingerprint Match] [RFI Exploit [P1419]]
- The topic ‘WordPress security issue – upload webscript’ is closed to new replies.