spaedi Posted May 8, 2014

Was looking through my server logs the other day and there are many bots trying to find vulnerabilities in my site, mainly via WordPress wp-admin. Here's a snippet of the log

    217.12.219.32  /dump.sql            5/7/14 8:43 PM  1172
    217.12.219.32  /dump.sql            5/7/14 8:43 PM  32846
    217.12.219.32  /Dump.sql            5/7/14 8:43 PM  1172
    217.12.219.32  /Dump.sql            5/7/14 8:43 PM  32846
    217.12.219.32  /fknbored.com.sql    5/7/14 8:43 PM  1172
    217.12.219.32  /fknbored.com.sql    5/7/14 8:43 PM  32846
    217.12.219.32  /fknbored.sql        5/7/14 8:43 PM  1172
    217.12.219.32  /fknbored.sql        5/7/14 8:43 PM  32846
    217.12.219.32  /backup.sql          5/7/14 8:43 PM  1172
    217.12.219.32  /backup.sql          5/7/14 8:43 PM  32846
    217.12.219.32  /wp-config.php~      5/7/14 8:43 PM  1172
    217.12.219.32  /wp-config.php~      5/7/14 8:43 PM  32846
    217.12.219.32  /configuration.php~  5/7/14 8:43 PM  1172
    217.12.219.32  /configuration.php~  5/7/14 8:43 PM  32846
    217.12.219.32  /wp-config.php.bak   5/7/14 8:43 PM  1172
    217.12.219.32  /wp-config.php.bak   5/7/14 8:43 PM  32846
    217.12.219.32  /wp-config.bak.php   5/7/14 8:43 PM  1172
    217.12.219.32  /wp-config.bak.php   5/7/14 8:43 PM  32846

I myself don't actually use WordPress and will add an htaccess rule for wp-admin.

Just thought I'd share and give people a heads up, don't leave old config or database files on your server, and change your admin and config files to something less obvious than "admin" or "config". These are just a few tips everyone should be following, there are many others I won't go into.
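A way to triage probes like the ones in the log above, added here as an example and not part of the original post: parse log lines in that layout and report which requested paths resolve to a real file under the webroot. The sample log lines, the 203.0.113.7 address, the function names and the throwaway webroot are constructed for illustration, and the check assumes files are served straight from the webroot with no rewriting.

```python
import os
import re
import tempfile

# Field layout of the log snippet in the post: IP, path, date, time, AM/PM, number.
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+(?P<path>/\S*)\s+\d+/\d+/\d+\s+\d+:\d+\s+(?:AM|PM)\s+\d+$"
)

# Constructed sample lines in that layout (203.0.113.7 is a documentation address).
SAMPLE_LOG = """\
203.0.113.7 /dump.sql 5/7/14 8:43 PM 1172
203.0.113.7 /backup.sql 5/7/14 8:43 PM 1172
203.0.113.7 /wp-config.php~ 5/7/14 8:43 PM 32846
203.0.113.7 /wp-config.php.bak 5/7/14 8:43 PM 1172
not a log line
"""

def probed_paths(log_text):
    """Map each requested path to the set of source IPs that asked for it."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:                                   # skip lines that do not parse
            seen.setdefault(m["path"], set()).add(m["ip"])
    return seen

def exposed(webroot, paths):
    """Return the probed paths that resolve to a real file inside webroot."""
    root = os.path.realpath(webroot)
    hits = []
    for path in sorted(paths):
        target = os.path.realpath(os.path.join(root, path.lstrip("/")))
        inside = os.path.commonpath([root, target]) == root
        if inside and os.path.isfile(target):   # ignore anything outside the webroot
            hits.append(path)
    return hits

def demo():
    """Build a throwaway webroot with one leftover backup and triage the probes."""
    with tempfile.TemporaryDirectory() as webroot:
        for name in ("index.php", "wp-config.php.bak"):
            with open(os.path.join(webroot, name), "w") as fh:
                fh.write("placeholder\n")
        return exposed(webroot, probed_paths(SAMPLE_LOG))

if __name__ == "__main__":
    print(demo())
```

Any path this reports is a leftover file that a probe would have reached, so it should be moved out of the webroot or deleted.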
Michael D. Posted May 8, 2014

Extremely common unfortunately. The internet is an extremely hostile place which is why we try to advise people to keep their software up-to-date.
spaedi Posted May 8, 2014

> Extremely common unfortunately. The internet is an extremely hostile place which is why we try to advise people to keep their software up-to-date.

Totally agree. While we're on the topic I might add a little piece of code I use on include files which shouldn't be directly accessed, it may help some people.

    // Stop direct access
    if (count(get_included_files()) == 1) exit("Direct access not permitted.");

This will prevent the script from executing if accessed directly, but will still function as an include.