WordPress plugin attacks in log

Musthafa

• January 12, 2017 01:28

Hi, I got this in my access log. ============ "POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Windows NT 6.1; rv:3 4.0) Gecko/20100101 Firefox/34.0" and "POST /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0" ================== there are many. I dont have such plugins installed on my wordpress. So what does this means, is it still harm to my website.?

• 

  Infopro

  • January 12, 2017 12:16

  You should make sure your site and any plugins you do use, are up to date and secure. If the plugins don't exist on your account you could safely ignore these entries. Still, they are a sign that something is poking the account looking for a way in thru possibly vulnerable entry points.

  POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php

  
  seclists.org/fulldisclosure/2015/Apr/6

  OST /wp-content/plugins/wp-symposium/server/php/index.php

  
  blog.sucuri.net/2014/12/wp-symposium-zero-day-vulnerability-dangers.html

  0
• 

  NOC_Serverpoint

  • January 12, 2017 23:34

  Hi, Please try using Brute Force Login Protection is a WordPress plugin which protects brute force login attempts by taking several factors into account. This is how the plugin works:

  ]
  • Limits the number of allowed login attempts for an IP Address.
  • It allows you to manually block an IP address from logging into WordPress
  • It delays execution after a failed login attempt to slow down the brute force attack. This can prevent the site being killed.
  • It also informs the users about the number of login attempts remaining before getting blocked.

  Brute Force Login Protection " WordPress Plugins Regards,

  0
• 

  Musthafa

  • January 15, 2017 04:42

  Thank you very much NOC_Serverpoint and Infopro for your response. I have some plugins need to be updated. I have wordfence installed on my wordpress, still should I install Brute Force Login Protection ?

  0
• 

  NOC_Serverpoint

  • January 17, 2017 07:46

  Hello Musthafa, If you have wordfence then you need not install Brute Force Login Protection. But make sure you update all the plugins regularly as the main back door for WP is via old plugins. Also, update the WP regularly. 1. The first thing is to change the passwords of your FTP, Database, and Control panel to a good password. Password should not be simple and should be modified on a regular basis ( twice monthly at the very least ). Do not store passwords in email client, browser and FTP client. 2. File permissions should be corrected as, 644 for files and 755 for directories. 3. Scan your PCs/Workstation that you use for logging into your Web, using good anti-virus, anti spy ware programs and clean bad programs. 4. Any 3rd party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendors security or update notifications mailing list. If an application is no longer required or in use, remove it completely. Disabling the application is not always a sure fire means of disallowing intrusion attempts. 5.Ensure that all your 3rd party applications & plugins are updated to their latest stable versions. Please scan your computer and make sure that it is free from any viruses / malwares. Thanks,

  0

Please sign in to leave a comment.