The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress plugin attacks in log

Discussion in 'Security' started by Musthafa, Jan 12, 2017.

Tags:
  1. Musthafa

    Musthafa Member

    Joined:
    Dec 14, 2016
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    Hi,

    I got this in my access log.

    ============
    "POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Windows NT 6.1; rv:3
    4.0) Gecko/20100101 Firefox/34.0"


    and

    "POST /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0)
    Gecko/20100101 Firefox/34.0"

    ==================
    there are many. I dont have such plugins installed on my wordpress. So what does this means, is it still harm to my website.?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,629
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should make sure your site and any plugins you do use, are up to date and secure. If the plugins don't exist on your account you could safely ignore these entries. Still, they are a sign that something is poking the account looking for a way in thru possibly vulnerable entry points.
    seclists.org/fulldisclosure/2015/Apr/6

    blog.sucuri.net/2014/12/wp-symposium-zero-day-vulnerability-dangers.html
     
  3. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    Please try using Brute Force Login Protection is a WordPress plugin which protects brute force login attempts by taking several factors into account.

    This is how the plugin works:

    1. Limits the number of allowed login attempts for an IP Address.
    2. It allows you to manually block an IP address from logging into WordPress
    3. It delays execution after a failed login attempt to slow down the brute force attack. This can prevent the site being killed.
    4. It also informs the users about the number of login attempts remaining before getting blocked.
    Brute Force Login Protection — WordPress Plugins

    Regards,
     
  4. Musthafa

    Musthafa Member

    Joined:
    Dec 14, 2016
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
  5. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hello Musthafa,

    If you have wordfence then you need not install Brute Force Login Protection. But make sure you update all the plugins regularly as the main back door for WP is via old plugins. Also, update the WP regularly.

    1. The first thing is to change the passwords of your FTP, Database, and Control panel to a good password. Password should not be simple and should be modified on a regular basis ( twice monthly at the very least ). Do not store passwords in email client, browser and FTP client.

    2. File permissions should be corrected as, 644 for files and 755 for directories.

    3. Scan your PCs/Workstation that you use for logging into your Web, using good anti-virus, anti spy ware programs and clean bad programs.

    4. Any 3rd party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendors security or update notifications mailing list. If an application is no longer required or in use, remove it completely. Disabling the application is not always a sure fire means of disallowing intrusion attempts.

    5.Ensure that all your 3rd party applications & plugins are updated to their latest stable versions.

    Please scan your computer and make sure that it is free from any viruses / malwares.

    Thanks,
     
Loading...

Share This Page