vivithemage

Thanks Jeff, i’ll keep that in my pocket for the next wave.

Correct, last time I narrowed it down to something like this in the log, this obviously is not it, just an example entry:

163.172.64.190 – – [27/Nov/2017:15:24:08 -0600] “GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1” 200 4000 “-” “Mozilla/5.0 (compatible; AhrefsBot/5.2; +https://ahrefs.com/robot/)”
163.172.64.190 – – [27/Nov/2017:15:24:08 -0600] “GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1” 200 10056 “-” “Mozilla/5.0 (compatible; AhrefsBot/5.2; +https://ahrefs.com/robot/)”
163.172.64.190 – – [27/Nov/2017:15:24:08 -0600] “GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1” 200 6908 “-” “Mozilla/5.0 (compatible; AhrefsBot/5.2; +https://ahrefs.com/robot/)”
163.172.64.190 – – [27/Nov/2017:15:24:08 -0600] “GET /wp-includes/js/jquery/ui/effect.min.js?ver=1.11.4 HTTP/1.1” 200 13420 “-” “Mozilla/5.0 (compatible; AhrefsBot/5.2; +https://ahrefs.com/robot/)”

• This reply was modified 7 years, 3 months ago by vivithemage.

Oh no, that I understand. Previously, it was using a good wordpress file, I just do not recall what, and never thought of where to report my findings. I run a web hosting company, so I run into these weird mass exploits in wordpress far too often. When I see a bunch of tickets with the same issue, related to WP, I know it’s most likely a problem with wordpress, and not a specific third party plugin, so I do some research and roll back to a restore point a day or two before the exploit.

I just figured BBQ does a bit of blocking in this regard, so maybe it’d be helpful here. I’ll be able to tell you what the file is on the next round of exploit, as I was rotating access logs daily before, I changed it to retain now.

I was also hoping to let others know that get hit with this, they aren’t the only one, haha. I am also sure the bastards who wrote this are probably going to read this :|.

• This reply was modified 7 years, 3 months ago by vivithemage.

I enabled that because I had problems with ZEN working. What problems can that cause?

I enabled that because I had problems with ZEN working. What problems can that cause?

Dang, was hoping there would be logs of such changes.

Nice, it come up with anything?

[redacted] is the domain

Also, I am on cPanel, so separate spaces are indeed in use.

I update my WP/Themes/Plugins fairly regular, maybe once every other week when I happen to log into the admin panel.

What’s the site you are using to do a scan? Would love to know it.

https://www.vivithemage.com is the domain

Also, I am on cPanel, so separate spaces are indeed in use.

I update my WP/Themes/Plugins fairly regular, maybe once every other week when I happen to log into the admin panel.

What’s the site you are using to do a scan? Would love to know it.

Looks like I can’t include links to my domain, but it’s my username . com

Also, I am on cPanel, so separate spaces are indeed in use.

I update my WP/Themes/Plugins fairly regular, maybe once every other week when I happen to log into the admin panel.

What’s the site you are using to do a scan? Would love to know it.

They are seperate spaces, using cPanel.

I update my plugins/themes/WP every other week or so when I log in, is that possibly too slow to catch it?

domain – vivithemage.com

What scan are you running? I wouldn’t mind knowing it.

Cool, looks like they just started to work again!

I actually figure out the front page, I am just trying to tweak that image of reddit going above the rest, is that movable?

figured it out :

https://robspencer.net/auto-update-wordpress-without-ftp/

Yeah, but what?