I installed the Hide My WP plugin and set up the monitor and e-mail notifications.
And now it is flooding me with messages like this:
The following potential attack has been detected by HMWP IDS. If it's you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don't need to do anything. Hide My WP protects you!
IP: 146.185.234.48 (146.185.234.48)
User ID:
Date: 2015-10-09T08:02:47+00:00
Total Impact: 30
Affected tags: xss csrf sqli id lfi
Affected parameters: REQUEST.new-comment=Ghcdvq++%26lt%3Ba+href%3D%26quot%3Bhttp%3A%2F%2Feeanfwbdcbhb.com%2F%26quot%3B%26gt%3Beeanfwbdcbhb%26lt%3B%2Fa%26gt%3B%2C+%5Burl%3Dhttp%3A%2F%2Fipoizcszmjfe.com%2F%5Dipoizcszmjfe%5B%2Furl%5D%2C+%5Blink%3Dhttp%3A%2F%2Fvbttkfyhmlzx.com%2F%5Dvbttkfyhmlzx%5B%2Flink%5D%2C+http%3A%2F%2Fiptppigtawbs.com%2F, POST.new-comment=Ghcdvq++%26lt%3Ba+href%3D%26quot%3Bhttp%3A%2F%2Feeanfwbdcbhb.com%2F%26quot%3B%26gt%3Beeanfwbdcbhb%26lt%3B%2Fa%26gt%3B%2C+%5Burl%3Dhttp%3A%2F%2Fipoizcszmjfe.com%2F%5Dipoizcszmjfe%5B%2Furl%5D%2C+%5Blink%3Dhttp%3A%2F%2Fvbttkfyhmlzx.com%2F%5Dvbttkfyhmlzx%5B%2Flink%5D%2C+http%3A%2F%2Fiptppigtawbs.com%2F,
Request URI: /wp-comments-post.php
Origin: 88.198.221.227
Another one:
The following potential attack has been detected by HMWP IDS. If it's you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don't need to do anything. Hide My WP protects you!
IP: 176.123.10.153 (176.123.10.153)
User ID:
Date: 2015-10-09T10:15:16+00:00
Total Impact: 32
Affected tags: xss csrf id rfe lfi
Affected parameters: REQUEST.<?xml_version=%26quot%3B1.0%26quot%3B+encoding%3D%26quot%3Biso-8859-1%26quot%3B%3F%26gt%3B%26lt%3BmethodCall%26gt%3B%26lt%3BmethodName%26gt%3Bwp.getUsersBlogs%26lt%3B%2FmethodName%26gt%3B%26lt%3Bparams%26gt%3B%26lt%3Bparam%26gt%3B%26lt%3Bvalue%26gt%3B%26lt%3Bstring%26gt%3Bgreen%26lt%3B%2Fstring%26gt%3B%26lt%3B%2Fvalue%26gt%3B%26lt%3B%2Fparam%26gt%3B%26lt%3Bparam%26gt%3B%26lt%3Bvalue%26gt%3B%26lt%3Bstring%26gt%3Btest%26lt%3B%2Fstring%26gt%3B%26lt%3B%2Fvalue%26gt%3B%26lt%3B%2Fparam%26gt%3B%26lt%3B%2Fparams%26gt%3B%26lt%3B%2FmethodCall%26gt%3B, POST.<?xml_version=%26quot%3B1.0%26quot%3B+encoding%3D%26quot%3Biso-8859-1%26quot%3B%3F%26gt%3B%26lt%3BmethodCall%26gt%3B%26lt%3BmethodName%26gt%3Bwp.getUsersBlogs%26lt%3B%2FmethodName%26gt%3B%26lt%3Bparams%26gt%3B%26lt%3Bparam%26gt%3B%26lt%3Bvalue%26gt%3B%26lt%3Bstring%26gt%3Bgreen%26lt%3B%2Fstring%26gt%3B%26lt%3B%2Fvalue%26gt%3B%26lt%3B%2Fparam%26gt%3B%26lt%3Bparam%26gt%3B%26lt%3Bvalue%26gt%3B%26lt%3Bstring%26gt%3Btest%26lt%3B%2Fstring%26gt%3B%26lt%3B%2Fvalue%26gt%3B%26lt%3B%2Fparam%26gt%3B%26lt%3B%2Fparams%26gt%3B%26lt%3B%2FmethodCall%26gt%3B,
Request URI: /xmlrpc.php
Origin: 88.198.221.227
What does this mean?
Does it mean that malicious code has already been written to the database, or is it trying to get written?
Using the plugin I changed the wp-login address to my own, and the standard one started getting hit with requests like:
Hi-
This is Hide My WP plugin. We guess someone is researching about your WordPress site.
Here is some more details:
Visitor: 184.71.152.170
URL:
http://cvetutcvety.ru/wp-login.php
User Agent: Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.8.131 Version/11.10
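An added example, not part of the original post or of the plugin: a triage script that undoes the two encoding layers in the "Affected parameters" line (URL-encoding over HTML entities) and labels an alert by what the request actually carried. The function names are hypothetical and the sample alerts are constructed in the same form as the e-mails above.

```python
import html
import re
from urllib.parse import quote_plus, unquote_plus

def decode_param(raw):
    """Undo the alert's two layers: URL-encoding first, then HTML entities."""
    return html.unescape(unquote_plus(raw))

def parse_alert(text):
    """Return (request_uri, {name: decoded value}) for the POST.* entries of one alert."""
    uri = re.search(r"^Request URI:\s*(\S+)", text, re.M).group(1)
    line = re.search(r"^Affected parameters:\s*(.*)$", text, re.M).group(1)
    # Entries look like SCOPE.name=value, separated by ", "; REQUEST.* repeats POST.*.
    params = {m.group(1): decode_param(m.group(2))
              for m in re.finditer(r"POST\.([^=]+)=([^\s,]*)", line)}
    return uri, params

def triage(text):
    """Classify an alert by what the decoded request actually contained."""
    uri, params = parse_alert(text)
    if uri == "/xmlrpc.php":
        # Assumption: PHP parsed the raw XML body as a form field, splitting it at the
        # first "=", which is why the parameter name is "<?xml_version".
        body = "".join(f"{k}={v}" for k, v in params.items())
        # Regexes, not an XML parser: the body is attacker-supplied.
        method = re.search(r"<methodName>([\w.]+)</methodName>", body)
        strings = re.findall(r"<string>(.*?)</string>", body)
        if method and method.group(1) == "wp.getUsersBlogs" and len(strings) >= 2:
            return "xmlrpc-login-attempt"   # method takes a username and a password
        return "xmlrpc-call"
    if uri == "/wp-comments-post.php":
        links = sum(len(re.findall(r"https?://", v)) for v in params.values())
        return "comment-link-spam" if links >= 3 else "comment"
    return "unclassified"

def make_alert(uri, name, value):
    """Build a constructed alert body in the same double-encoded form as the e-mails."""
    enc = quote_plus(html.escape(value))
    return f"Affected parameters: REQUEST.{name}={enc}, POST.{name}={enc},\nRequest URI: {uri}\n"

# Constructed samples (example hosts and user/pass are placeholders, not page data).
SPAM = make_alert("/wp-comments-post.php", "new-comment",
    'Hi <a href="http://a.example/">a</a>, [url=http://b.example/]b[/url], http://c.example/')
XMLRPC = make_alert("/xmlrpc.php", "<?xml_version",
    '"1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params>'
    '<param><value><string>user</string></value></param>'
    '<param><value><string>pass</string></value></param></params></methodCall>')

if __name__ == "__main__":
    for sample in (SPAM, XMLRPC):
        print(triage(sample), parse_alert(sample)[1])
```

Both labels describe what an incoming request contained when the plugin inspected it; neither says anything about what is stored in the database.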
Moderator's note:
This topic was closed automatically because there had been no activity in it for 100+ days.
If you consider it still relevant and want to post a message, use the button
or contact any of the moderators.