Opened 5 years ago
Closed 5 years ago
#48049 closed enhancement (duplicate)
bots searching for vulnerable plugins
Reported by: | loranrendel | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
I've logged hundreds of attempts to download wp-config.php from my site.
/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php /wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=wp-config.php&order=name&srt=yes /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php /wp-admin/admin-ajax.php?action=getfile&/../../wp-config.php /wp-content/themes/acento/includes/view-pdf.php?download=1&file=/../../wp-config.php
All these bots trying to use some vulnerabilities.
I propose to use code like this inside WordPress Core to prevent such attempts:
<?php if (strpos($_SERVER['REQUEST_URI'], 'wp-config') !== false) { die; }
Attachments (2)
Change History (6)
#3
@
5 years ago
Replying to swissspidy:
Sounds like a duplicate of #36177 which target way more files than just
wp-config.php
.
Not exactly.
My proposal will also protect from accessing files like wp-config.php~, wp-config.bak and some hooked functions.
Another requested url:
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
#4
@
5 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Although the direction suggested in this ticket differs to that of #36177, I'm going to close this as a duplicate of that regardless.
It'll be best to keep all discussion on the general idea of "blocking malicious requests" on the same ticket, even if any implemented change doesn't necessarily follow how the ticket originally intended on it being implemented.
I'd encourage you to bring up your idea on #36177 as an alternate method.
Sounds like a duplicate of #36177 which target way more files than just
wp-config.php
.