[wp-hackers] attack on wp-admin/install.php
Konrad Karpieszuk
kkarpieszuk at gmail.com
Wed Oct 9 06:39:56 UTC 2013
two things:
1. my website is not so popular that in one second 20 person try to connect
2. as you can see in log, /wp-admin/install.php is added not always to main
domain but sometimes to single post urls (ie
/2013/10/wdrozenie-zakupionego-szablonu-wordpress/wp-admin/install.php
) This is not url which somebody type in address bar without reason
--
(en) regards / (pl) pozdrawiam
Konrad Karpieszuk
http://tradematik.pl wtyczka do WordPressa do tworzenia sklepów dla
klientów z Polski
On Tue, Oct 8, 2013 at 8:47 PM, Mika A Epstein <ipstenu at ipstenu.org> wrote:
> I think causality is the other way around.
>
> People were hitting install.php so much because the wizard was showing.
> Was your SQL server glitching?
>
> Konrad Karpieszuk <mailto:kkarpieszuk at gmail.com>
>> October 8, 2013 9:56 AM
>>
>> hello
>>
>> today few people reported me that instead of main page of my wordpress
>> site, they see installation wizard. after few minutes main website was ok,
>> but every subpages had error 404.
>>
>> i went to dashborad > settings > permalink and refreshed structure of
>> permalinks. after that all website was ok.
>>
>> but i see i logs that really somebody tried to get into install.php
>> script,
>> even few times per second, this is apache log from begging of attack:
>>
>> http://wklej.org/id/1145478/
>>
>> question: how it was possible that regular visitors saw installation
>> script
>> during this attack? and why affter attack permalinks was broken?
>>
>> at this domain i have two sites:
>> dev.wpzlecenia.pl - everything is up to date
>> wpzlecenia.pl - two plugins are in older versions
>> - Google XML Sitemaps (i have 3.2.9) here is changelog
>> http://www.arnebrachhold.de/**projects/wordpress-plugins/**
>> google-xml-sitemaps-generator/**changelog/<http://www.arnebrachhold.de/projects/wordpress-plugins/google-xml-sitemaps-generator/changelog/>
>> ,
>> it looks that this plugin has no security issue in this version
>> - WordPress SEO by Yoast - (i have version 1.4.15) here is changelog
>> http://wordpress.org/plugins/**wordpress-seo/changelog/<http://wordpress.org/plugins/wordpress-seo/changelog/>, it looks that
>> everything is ok in this older version
>>
>>
>>
>> --
>> (en) regards / (pl) pozdrawiam
>> Konrad Karpieszuk
>> http://tradematik.pl wtyczka do WordPressa do tworzenia sklepów dla
>> klientów z Polski
>> ______________________________**_________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
>> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>
>>
>
> --
> Mika A Epstein (aka Ipstenu)
> http://ipstenu.org | http://halfelf.org
>
> ______________________________**_________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>
>
More information about the wp-hackers
mailing list