[wp-hackers] attack on wp-admin/install.php
kkarpieszuk at gmail.com
Wed Oct 9 06:39:56 UTC 2013
1. My website is not so popular that 20 people try to connect in one second.
2. As you can see in the log, /wp-admin/install.php is not always added to the main
domain but sometimes to single post URLs (i.e.
) This is not a URL which somebody types in the address bar without reason.
(en) regards / (pl) pozdrawiam
http://tradematik.pl a WordPress plugin for building shops for
customers from Poland
On Tue, Oct 8, 2013 at 8:47 PM, Mika A Epstein <ipstenu at ipstenu.org> wrote:
> I think causality is the other way around.
> People were hitting install.php so much because the wizard was showing.
> Was your SQL server glitching?
> Konrad Karpieszuk <mailto:kkarpieszuk at gmail.com>
>> October 8, 2013 9:56 AM
>> Today a few people reported to me that instead of the main page of my WordPress
>> site, they see the installation wizard. After a few minutes the main website was OK,
>> but every subpage had error 404.
>> I went to dashboard > settings > permalink and refreshed the structure of
>> permalinks. After that the whole website was OK.
>> But I see in the logs that somebody really tried to get into install.php,
>> even a few times per second. This is the Apache log from the beginning of the attack:
>> Question: how was it possible that regular visitors saw the installation
>> during this attack? And why were permalinks broken after the attack?
>> at this domain i have two sites:
>> dev.wpzlecenia.pl - everything is up to date
>> wpzlecenia.pl - two plugins are in older versions
>> - Google XML Sitemaps (i have 3.2.9) here is changelog
>> it looks that this plugin has no security issue in this version
>> - WordPress SEO by Yoast - (i have version 1.4.15) here is changelog
>> http://wordpress.org/plugins/wordpress-seo/changelog/, it looks that
>> everything is ok in this older version
>> (en) regards / (pl) pozdrawiam
>> Konrad Karpieszuk
>> http://tradematik.pl a WordPress plugin for building shops for
>> customers from Poland
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
> Mika A Epstein (aka Ipstenu)
> http://ipstenu.org | http://halfelf.org
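Added example, not part of the original thread: one way to check an Apache access log for the two patterns described in the messages above, namely several requests to /wp-admin/install.php within the same second and the installer path appended to post URLs. The log lines, IP addresses, post path and the threshold of 3 requests per second are constructed assumptions, and the distinct-client count is included because it helps tell a single source apart from many ordinary visitors.

```python
import re
from collections import defaultdict

# Start of an Apache common/combined log line: client, timestamp, request path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:[A-Z]+) (?P<path>\S+)'
)
INSTALLER = "/wp-admin/install.php"


def installer_hits(lines, threshold=3):
    """Return (bursts, nested) for installer requests found in log lines.

    bursts: {timestamp: {"hits": n, "clients": distinct IPs}} for every
            second with at least `threshold` installer requests (assumed value).
    nested: paths where the installer path is appended to another URL.
    """
    per_second = defaultdict(list)
    nested = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.endswith(INSTALLER):
            continue
        # Apache timestamps have one-second resolution, so the raw
        # timestamp string is already a per-second bucket key.
        per_second[m["ts"]].append(m["ip"])
        if path != INSTALLER:
            nested.append(path)
    bursts = {
        ts: {"hits": len(ips), "clients": len(set(ips))}
        for ts, ips in per_second.items()
        if len(ips) >= threshold
    }
    return bursts, nested


# Constructed sample log (documentation IP ranges, made-up post path).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Oct/2013:09:41:02 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 1523',
    '203.0.113.7 - - [08/Oct/2013:09:41:02 +0200] "GET /example-post/wp-admin/install.php HTTP/1.1" 404 310',
    '203.0.113.7 - - [08/Oct/2013:09:41:02 +0200] "GET /wp-admin/install.php?step=1 HTTP/1.1" 200 1523',
    '198.51.100.4 - - [08/Oct/2013:09:41:02 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 1523',
    '198.51.100.9 - - [08/Oct/2013:09:41:03 +0200] "GET / HTTP/1.1" 200 8841',
    '198.51.100.9 - - [08/Oct/2013:09:41:05 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 1523',
]

if __name__ == "__main__":
    print(installer_hits(SAMPLE_LOG))
```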