Finding the hack in the Apache2 logs?

1

The hack was a failure, as they were not able to set the page they created as the home page. But we recently found a tampered page on our website (through RSS).

So I searched the Apache2 logs and found the IP that did it. But I don't understand what they did. Could you help me understand this?

The-IP-of-the-bad-guy - - [23/Jan/2012:00:51:49 +0100] "POST /wp-login.php HTTP/1.1" 302 979 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
The-IP-of-the-bad-guy - - [23/Jan/2012:00:51:50 +0100] "GET /wp-admin/ HTTP/1.1" 302 436 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
The-IP-of-the-bad-guy - - [23/Jan/2012:00:51:50 +0100] "GET /wp-login.php?redirect_to=http%3A%2F%2Fmy-website.com%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 6314 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
The-IP-of-the-bad-guy - - [23/Jan/2012:19:28:58 +0100] "POST /wp-login.php HTTP/1.1" 200 6010 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:38:59 +0100] "GET /wp-login.php HTTP/1.1" 200 2267 "-" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:38:59 +0100] "GET /wp-admin/css/wp-admin.css?ver=20111208 HTTP/1.1" 200 21939 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117 HTTP/1.1" 200 4185 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-includes/js/thickbox/thickbox.css?ver=20111117 HTTP/1.1" 200 1473 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.2 HTTP/1.1" 200 842 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-content/plugins/joliprint/js/wp_joliprint-min.js?ver=1.3.0 HTTP/1.1" 200 1200 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-includes/js/jquery/jquery.js?ver=1.7.1 HTTP/1.1" 200 33557 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:00 +0100] "GET /wp-admin/css/colors-fresh.css?ver=20111206 HTTP/1.1" 200 6818 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:01 +0100] "GET /wp-admin/images/logo-login.png HTTP/1.1" 200 9240 "http://my-website.com/wp-admin/css/wp-admin.css?ver=20111208" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:01 +0100] "GET /wp-admin/images/button-grad.png HTTP/1.1" 200 589 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:01 +0100] "GET /wp-includes/js/thickbox/loadingAnimation.gif HTTP/1.1" 200 6235 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:01 +0100] "GET /favicon.ico HTTP/1.1" 200 292 "-" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:50 +0100] "GET /wp-admin/images/button-grad-active.png HTTP/1.1" 200 632 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:51 +0100] "POST /wp-login.php HTTP/1.1" 302 999 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:51 +0100] "GET /wp-admin/ HTTP/1.1" 200 10632 "http://my-website.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-content/plugins/akismet/akismet.css?ver=2.5.4.4 HTTP/1.1" 200 902 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin,wp-pointer&ver=1747f87854de3d4df3fdb74e9ef12757 HTTP/1.1" 200 24054 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-content/plugins/nextgen-gallery/admin/css/menu.css?ver=3.3.1 HTTP/1.1" 200 638 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-content/plugins/akismet/akismet.js?ver=2.5.4.6 HTTP/1.1" 200 1909 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-content/plugins/google-analyticator/jquery.sparkline.min.js?ver=1.5.1 HTTP/1.1" 200 5591 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-admin/load-scripts.php?c=0&load=jquery,utils&ver=edec3fab0cb6297ea474806db1895fa7 HTTP/1.1" 200 34157 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-admin/images/media-button.png?ver=20111005 HTTP/1.1" 200 3465 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-admin/images/wpspin_light.gif HTTP/1.1" 200 2541 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:52 +0100] "GET /wp-admin/load-scripts.php?c=0&load=admin-bar,thickbox,hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,quicktags,jquery-query,admin-comments,dashboard,plugin-install,media-upload,jquery-ui-position,wp-pointer&ver=34baa2862d9a262745d9c88bef79a2b1 HTTP/1.1" 200 34460 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-admin/images/menu-shadow.png HTTP/1.1" 200 477 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-admin/images/menu.png?ver=20111128 HTTP/1.1" 200 10029 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-admin/images/arrows.png HTTP/1.1" 200 841 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-admin/images/icons32.png?ver=20111206 HTTP/1.1" 200 13791 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-admin/images/white-grad.png HTTP/1.1" 200 556 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-includes/images/admin-bar-sprite.png?d=20111130 HTTP/1.1" 200 4347 "http://my-website.com/wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin,wp-pointer&ver=1747f87854de3d4df3fdb74e9ef12757" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 432 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-includes/images/icon-pointer-flag.png HTTP/1.1" 200 1130 "http://my-website.com/wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin,wp-pointer&ver=1747f87854de3d4df3fdb74e9ef12757" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-includes/images/xit.gif HTTP/1.1" 200 528 "http://my-website.com/wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin,wp-pointer&ver=1747f87854de3d4df3fdb74e9ef12757" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "GET /wp-includes/images/arrow-pointer-blue.png HTTP/1.1" 200 1306 "http://my-website.com/wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin,wp-pointer&ver=1747f87854de3d4df3fdb74e9ef12757" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:53 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 1402 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:57 +0100] "GET /wp-admin/tools.php HTTP/1.1" 200 6074 "http://my-website.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:58 +0100] "GET /wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin&ver=7f0753feec257518ac1fec83d5bced6a HTTP/1.1" 200 23518 "http://my-website.com/wp-admin/tools.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:58 +0100] "GET /wp-admin/load-scripts.php?c=0&load=admin-bar,thickbox,hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,media-upload&ver=29164086bcacfd9628adb3ba7e6061c9 HTTP/1.1" 200 22963 "http://my-website.com/wp-admin/tools.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:58 +0100] "GET /wp-admin/images/press-this.png HTTP/1.1" 200 1165 "http://my-website.com/wp-admin/load-styles.php?c=0&dir=ltr&load=admin-bar,wp-admin&ver=7f0753feec257518ac1fec83d5bced6a" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:39:58 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 432 "http://my-website.com/wp-admin/tools.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:01 +0100] "GET /wp-admin/edit-comments.php HTTP/1.1" 200 17215 "http://my-website.com/wp-admin/tools.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-content/plugins/subscribe-to-comments-reloaded/post-and-comments.css?ver=3.3.1 HTTP/1.1" 200 540 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-content/plugins/subscribe-to-comments-reloaded/images/subscribe-to-comments-small.png HTTP/1.1" 200 1818 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-includes/images/smilies/icon_wink.gif HTTP/1.1" 200 516 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-includes/css/editor-buttons.css?ver=20111114 HTTP/1.1" 200 6619 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-admin/load-styles.php?c=0&dir=ltr&load=wp-jquery-ui-dialog&ver=3e676db9ea65504c756e11cf9a70be9e HTTP/1.1" 200 1429 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-includes/images/smilies/icon_smile.gif HTTP/1.1" 200 521 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-admin/images/menu-bits.gif?ver=20100610 HTTP/1.1" 200 1487 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-admin/images/bubble_bg.gif HTTP/1.1" 200 742 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "GET /wp-admin/load-scripts.php?c=0&load=admin-bar,thickbox,hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,quicktags,jquery-query,admin-comments,media-upload,word-count,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui-position,jquery-ui-dialog,wpdialogs,wplink,wpdialogs-popup&ver=d340fd552393b5ce31a5bf215e6761b1 HTTP/1.1" 200 50472 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:02 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 432 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:12 +0100] "GET /wp-admin/edit.php HTTP/1.1" 200 15549 "http://my-website.com/wp-admin/edit-comments.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:13 +0100] "GET /wp-includes/images/blank.gif HTTP/1.1" 200 388 "http://my-website.com/wp-admin/edit.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:13 +0100] "GET /wp-admin/images/comment-grey-bubble.png HTTP/1.1" 200 504 "http://my-website.com/wp-admin/edit.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:13 +0100] "GET /wp-admin/images/list.png HTTP/1.1" 200 1452 "http://my-website.com/wp-admin/css/colors-fresh.css?ver=20111206" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:13 +0100] "GET /wp-admin/load-scripts.php?c=0&load=admin-bar,thickbox,hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,suggest,inline-edit-post,media-upload&ver=4f3c823d59bcbf4c7a95fc1bf0635c82 HTTP/1.1" 200 26034 "http://my-website.com/wp-admin/edit.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The-IP-of-the-bad-guy - - [25/Jan/2012:16:40:13 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 432 "http://my-website.com/wp-admin/edit.php" "Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

Full log: link

    
asked by LaurentGh 02.02.2012 - 13:48

2 answers

4

In addition to changing Apache to also log POST data, make sure you are using the latest version of WordPress and are not using any plugins with known exploits.

Also, see WordPress for tips on hardening and what to do when hacked (update, change passwords, check for vulnerabilities, etc.)

    
answered by dr jimbob 02.02.2012 - 16:47
3

I assume the problems that arose came in at the POST /wp-login.php entry. After that, your attacker's IP appears to have access. Apache's default configurations do not log POST data, so it may not be possible to recover the requests that were made without repairing the instance and logging that data to see if they happen again.

    
answered by Jeff Ferland 02.02.2012 - 15:40
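Even without POST bodies, the status codes around each `POST /wp-login.php` show whether a login attempt got through. The following is an added example, not code from the question or either answer: it classifies login attempts in a combined-format access log, assuming default WordPress behaviour (a 200 re-renders the login form, a 302 followed by a 200 on an admin page means a session was granted). The sample lines, the address 203.0.113.7 and the names `classify_logins`, `is_admin_page` and `HELPERS` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" format, modelled on the request pattern
# in the question; 203.0.113.7 is a documentation address, "UA" a placeholder agent.
SAMPLE = '''\
203.0.113.7 - - [23/Jan/2012:00:51:49 +0100] "POST /wp-login.php HTTP/1.1" 302 979 "-" "UA"
203.0.113.7 - - [23/Jan/2012:00:51:50 +0100] "GET /wp-admin/ HTTP/1.1" 302 436 "-" "UA"
203.0.113.7 - - [23/Jan/2012:19:28:58 +0100] "POST /wp-login.php HTTP/1.1" 200 6010 "-" "UA"
203.0.113.7 - - [25/Jan/2012:16:39:51 +0100] "POST /wp-login.php HTTP/1.1" 302 999 "-" "UA"
203.0.113.7 - - [25/Jan/2012:16:39:51 +0100] "GET /wp-admin/ HTTP/1.1" 200 10632 "-" "UA"
203.0.113.7 - - [25/Jan/2012:16:39:57 +0100] "GET /wp-admin/tools.php HTTP/1.1" 200 6074 "-" "UA"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# wp-admin scripts that can answer 200 without a session, so they prove nothing
HELPERS = ("load-styles.php", "load-scripts.php", "admin-ajax.php")

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in combined format
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    return e

def is_admin_page(path):
    p = path.split("?", 1)[0]
    return p == "/wp-admin/" or (
        p.startswith("/wp-admin/") and p.endswith(".php") and not p.endswith(HELPERS))

def classify_logins(lines, window=timedelta(seconds=10)):
    """Return (ip, time, verdict) for every POST to /wp-login.php."""
    events = [e for e in map(parse, lines) if e]
    out = []
    for i, e in enumerate(events):
        if e["method"] != "POST" or e["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        if e["status"] == 200:
            verdict = "failed"  # login form rendered again
        elif e["status"] == 302:
            verdict = "redirected, no dashboard"
            for nxt in events[i + 1:]:
                if nxt["ts"] - e["ts"] > window:
                    break
                if nxt["ip"] == e["ip"] and is_admin_page(nxt["path"]):
                    if nxt["status"] == 200:
                        verdict = "success"  # admin page served to this client
                    break
        else:
            verdict = "unknown"
        out.append((e["ip"], e["ts"].isoformat(), verdict))
    return out
```

Call `classify_logins(SAMPLE.strip().splitlines())`, or pass the lines of a real access log; a "success" verdict from an unfamiliar address marks the time from which passwords and content changes need review.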
