4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

Executable File Upload Attack

by AnniePot
3 replies
  • WEB DESIGN
    • |
For the fourth morning in a row, when I've checked my emails, I've received a notification from one of my main WP blogs that WordPress Firewall has detected and blocked a potential attack.

Specifically, this was an Executable File Upload Attack. Each time the hacker attempted to upload xxxxxxxx.com//wp-content/plugins/spotlightyour/monetize/upload/upload.php?img=&nonce=

The offending IP was 78.85.253.46 (Russian).

Although WordPress firewall is successfully blocking these attacks, is there anything else I can do to protect this blog?

Thanks - Anne
#attack #executable #file #upload
  • Profile picture of the author bhmseoservices
    Originally Posted by AnniePot View Post

    For the fourth morning in a row, when I've checked my emails, I've received a notification from one of my main WP blogs that WordPress Firewall has detected and blocked a potential attack.

    Specifically, this was an Executable File Upload Attack. Each time the hacker attempted to upload xxxxxxxx.com//wp-content/plugins/spotlightyour/monetize/upload/upload.php?img=&nonce=

    The offending IP was 78.85.253.46 (Russian).

    Although WordPress firewall is successfully blocking these attacks, is there anything else I can do to protect this blog?

    Thanks - Anne
    Wow! That's exactly what happened to my website! I lost everything because of those hackers from Russia.

    Here's where I went wrong, I placed a box where users can upload their jpg's to the website. However because of the way it was programmed it would accept other file extensions. In my case the hacker uploaded a .php file.

    Likely what happened is that he uploaded that file and because of it he was able to write an executable command through the browser and that let him get access to my entire network and database.

    So my advise to you is remove anything that has to do with a user allowing to upload. I'm still finding a solution but just remove that upload thing. It's not a well protected script and I even begin to doubt Wordpress's security to allow these plugins and files to be executed through the FTP after they've uploaded the file.
    Signature
    webdesign company| seo services | Search engine optimization company
    {{ DiscussionBoard.errors[7427592].message }}
    • Profile picture of the author AnniePot
      Originally Posted by bhmseoservices View Post

      Wow! That's exactly what happened to my website! I lost everything because of those hackers from Russia.

      Here's where I went wrong, I placed a box where users can upload their jpg's to the website. However because of the way it was programmed it would accept other file extensions. In my case the hacker uploaded a .php file.

      Likely what happened is that he uploaded that file and because of it he was able to write an executable command through the browser and that let him get access to my entire network and database.

      So my advise to you is remove anything that has to do with a user allowing to upload. I'm still finding a solution but just remove that upload thing. It's not a well protected script and I even begin to doubt Wordpress's security to allow these plugins and files to be executed through the FTP after they've uploaded the file.
      No, I don't have anything like an upload box for other people on the blog.

      Thankfully, WordPress Firewall has done a great job of repelling these hacks, and in all probability will be sufficient. I was just thinking I could employ a "belt and braces" technique if someone could recommend something else.
      {{ DiscussionBoard.errors[7428066].message }}
  • Profile picture of the author bhmseoservices
    Can you show me which page on your website your talking about?
    Signature
    webdesign company| seo services | Search engine optimization company
    {{ DiscussionBoard.errors[7429140].message }}

Trending Topics