Is it a SQL injection? How to avoid it?
Hi everyone,
My WordPress site was hacked last week, so I found the logs and tried to see where the hack came from. As you can see, there is an abnormal POST request mentioning a “sql.php” file:

66.249.67.85 my_site.fr - [02/Jul/2015:20:17:41 +0200] "GET /robots.txt HTTP/1.1" 500 538 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
157.55.39.43 my_site.fr - [02/Jul/2015:20:20:31 +0200] "GET /robots.txt HTTP/1.1" 500 538 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
185.25.150.210 my_site.fr - [02/Jul/2015:20:33:51 +0200] "POST /wp-content/sql.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
157.55.39.201 my_site.fr - [02/Jul/2015:20:36:13 +0200] "GET /robots.txt HTTP/1.1" 500 538 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
91.219.6.226 my_site.fr - [02/Jul/2015:20:36:18 +0200] "POST /wp-content/sql.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
213.108.248.40 my_site.fr - [02/Jul/2015:20:38:30 +0200] "POST /wp-content/sql.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"

So I checked this file, and here is the beginning (it’s a very ugly and long file):
[Moderated – Please use PasteBin to share that]
I would like to know if it’s indeed a SQL injection and how to avoid it in the future.
Cheers
Aymeric
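
The log review described in the post, scanning the access log for POST requests to PHP files under /wp-content/ and grouping them by path, as an added example that is not part of the original post. The sample lines are constructed in the post's log format, and the path heuristic is an assumption: legitimate plugin endpoints can match it and need allowlisting.

```python
import re
from collections import defaultdict

# Format used in the post: ip vhost - [timestamp] "request" status bytes "referer" "user agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<vhost>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Heuristic (assumption): a POST to any .php file under /wp-content/ deserves review,
# because normal WordPress form and AJAX traffic goes through files outside that tree.
SUSPECT_PATH = re.compile(r'^/wp-content/(?:[^?#]*/)?[^/?#]+\.php(?:[/?#]|$)', re.I)

# Constructed sample lines (documentation IP ranges, example.test host).
SAMPLE_LOG = """\
192.0.2.10 example.test - [02/Jul/2015:20:17:41 +0200] "GET /robots.txt HTTP/1.1" 500 538 "-" "ExampleBot/1.0"
198.51.100.7 example.test - [02/Jul/2015:20:33:51 +0200] "POST /wp-content/sql.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 example.test - [02/Jul/2015:20:36:18 +0200] "POST /wp-content/sql.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 example.test - [02/Jul/2015:20:37:02 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 example.test - [02/Jul/2015:20:38:30 +0200] "POST /wp-content/sql.php?x=1 HTTP/1.1" 200 76 "-" "UCBrowser/9.3"
this line is malformed and is counted, not silently dropped
"""

def find_suspect_posts(log_text):
    """Return (hits, unparsed); hits maps path -> count, client IPs, first/last seen, statuses."""
    hits = defaultdict(lambda: {"count": 0, "ips": set(), "first": None, "last": None, "statuses": set()})
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # surface parse failures so gaps in coverage are visible
            continue
        if m["method"] != "POST" or not SUSPECT_PATH.match(m["path"]):
            continue
        entry = hits[m["path"].split("?", 1)[0]]  # group by path, ignoring the query string
        entry["count"] += 1
        entry["ips"].add(m["ip"])
        entry["statuses"].add(int(m["status"]))
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(hits), unparsed

if __name__ == "__main__":
    found, bad = find_suspect_posts(SAMPLE_LOG)
    for path, e in found.items():
        print(f"{path}: {e['count']} POSTs, {len(e['ips'])} IPs, {e['first']} .. {e['last']}, {sorted(e['statuses'])}")
    print(f"unparsed lines: {bad}")
```

A 200 status on such a path means the file exists and executed, so the first-seen timestamp gives a point from which to compare file modification times on disk.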
Viewing 3 replies - 1 through 3 (of 3 total)
The topic ‘Is it a SQL injection? How to avoid it?’ is closed to new replies.