Title: [Plugin: AJAXed WordPress] Possible attack? Last modified: August 19, 2016 --- # [Plugin: AJAXed WordPress] Possible attack? * [triptol](https://wordpress.org/support/users/triptol/) * (@triptol) * [18 years ago](https://wordpress.org/support/topic/plugin-ajaxed-wordpress-possible-attack/) * I am using the fantastic post-logger plugin to see what is happening on my blog. * This morning I found about 20 of the following entries in the log file (the p = is changing all the time): * ``` p = %hmI1^RXxzn2uG3 path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin 87.126.31.177 /index.php May 13, 2008, 3:22 am --------------**********------------------ p = T89%Q7cE$YCoqIR path = (..)/wp-content/plugins/ajaxd-wordpress/modules/livepreview/.accusin 87.126.31.177 /index.php May 13, 2008, 3:23 am --------------**********------------------ ``` * It somehow looks like an attack attempt, but I can’t completely figure out what they are trying to do. * Anyone any ideas? Viewing 2 replies - 1 through 2 (of 2 total) * [Aaron Butacov](https://wordpress.org/support/users/aaron-harun/) * (@aaron-harun) * [18 years ago](https://wordpress.org/support/topic/plugin-ajaxed-wordpress-possible-attack/#post-763545) * I don’t know why they would be attacking that file. Nothing happens in it if WordPress isn’t loaded. * None of the files in the modules directory initiate any behaviour without being called by WordPress or AWP. Just going to any of the files is going to throw an add_action or register_activation_hook function not found. * Just make sure that no one had access to your server to upload any files into it. (Specifically, make sure the file .accusin is not present because I can guarantee it isn’t part of AWP if it exists.) * Thread Starter [triptol](https://wordpress.org/support/users/triptol/) * (@triptol) * [18 years ago](https://wordpress.org/support/topic/plugin-ajaxed-wordpress-possible-attack/#post-763562) * Thanks for the reply. I already checked that the .accusin file is not there. * What I think happened is the following. I got hit by the following [issue](http://wordpress.org/support/topic/170227?replies=5#post-757230). What I found is that as a result of that hack files got uploaded to (among others) the livepreview directory. * Probably “they” were checking if “they” could still access those files. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘[Plugin: AJAXed WordPress] Possible attack?’ is closed to new replies. * 2 replies * 2 participants * Last reply from: [triptol](https://wordpress.org/support/users/triptol/) * Last activity: [18 years ago](https://wordpress.org/support/topic/plugin-ajaxed-wordpress-possible-attack/#post-763562) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics