[Plugin: AJAXed WordPress] Possible attack?

(@triptol)

I am using the fantastic post-logger plugin to see what is happening on my blog.

This morning I found about 20 of the following entries in the log file (the p = is changing all the time):

p = %hmI1^RXxzn2uG3
path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
87.126.31.177
/index.php
May 13, 2008, 3:22 am
--------------**********------------------

p = T89%Q7cE$YCoqIR
path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin
87.126.31.177
/index.php
May 13, 2008, 3:23 am
--------------**********------------------

It somehow looks like an attack attempt, but I can’t completely figure out what they are trying to do.

Anyone any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)

Aaron Butacov
(@aaron-harun)

18 years ago

I don’t know why they would be attacking that file. Nothing happens in it if WordPress isn’t loaded.

None of the files in the modules directory initiate any behaviour without being called by WordPress or AWP. Just going to any of the files is going to throw an add_action or register_activation_hook function not found.

Just make sure that no one had access to your server to upload any files into it. (Specifically, make sure the file .accusin is not present because I can guarantee it isn’t part of AWP if it exists.)

Thread Starter triptol
(@triptol)

18 years ago

Thanks for the reply. I already checked that the .accusin file is not there.

What I think happened is the following. I got hit by the following issue. What I found is that as a result of that hack files got uploaded to (among others) the livepreview directory.

Probably “they” were checking if “they” could still access those files.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin: AJAXed WordPress] Possible attack?’ is closed to new replies.

[Plugin: AJAXed WordPress] Possible attack?

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics