brute force question

  • rshay

    (@rshay)


    3 years, 8 months ago

    Hello!
    I keep getting a brute force attack and when i check the link theyre using to try to log in (its a link with random letters and php at the end like example.com/jepsxe.php) the page says “XML-RPC server accepts posts requests only”.
    Im confused where they found this link and how theyre using it to log in.

    I appreciate the help!

    • This topic was modified 3 years, 8 months ago by rshay.
Viewing 3 replies - 1 through 3 (of 3 total)
  • catacaustic

    (@catacaustic)

    3 years, 8 months ago

    Does the file /jepsxe.php exist on your site?

    If it doesn’t, then don’t wory, it’s bots trying to exploit 404 pages or searching for past exploits.

    If it does, that means that your site has been hacked. Read through this and take the actions that you need to so you can secure your site.

    FAQ My site was hacked

    Thread Starter rshay

    (@rshay)

    3 years, 8 months ago

    Hello, thank you for your reply!
    the file (not the example i mentioned but the real one i was referring to) does exist but does it always mean that the site has been hacked? I was told the file is a core wordpress file. i have a plugin that lets me see member’s history and have not seen anything suspicious. The only thing is that theyve been using that link to try to guess the passwords of my community members. This has been happening for some months now.

    Thank you

    catacaustic

    (@catacaustic)

    3 years, 8 months ago

    WordPress files in the root directory are not called that, or any sort of combination of random letters in the file name.

    If it’s part of one of you rplugins, look at the source code of the file. It will say near the top that it’s part of *something*. If it doesn’t, your site’s been hacked.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘brute force question’ is closed to new replies.