[wp-hackers] attack on wp-admin/install.php

Bryan Petty bryan at ibaku.net
Wed Oct 9 06:55:16 UTC 2013

On Wed, Oct 9, 2013 at 12:39 AM, Konrad Karpieszuk
<kkarpieszuk at gmail.com> wrote:
> two things:
> 1. my website is not so popular that in one second 20 person try to connect
> 2. as you can see in log, /wp-admin/install.php is added not always to main
> domain but sometimes to single post urls (ie
> /2013/10/wdrozenie-zakupionego-szablonu-wordpress/wp-admin/install.php
> ) This is not url which somebody type in address bar without reason

It's actually fairly likely that in the event that your DB has dropped
as Mika was suggesting, that one of your plugins or server
configuration was causing a redirect loop back to install.php itself
as well.

Most hack attempts don't intentionally claim a user agent as
"Feedfetcher-Google" (which was also seeing that install.php redirect

Bryan Petty

More information about the wp-hackers mailing list