Remember the comic strip Lucky Luke, the fastest gun in the Far West?

That’s the image that came to my mind when yesterday afternoon I received an alert coming from the Sucuri security plugin, reporting an unusual file inside one of my client’s websites.

query.php) and by its characteristics (hidden file and saved in the wp-includes folder), I SSHed into the server, to check the content of the file…

I immediately contacted the IT manager of the client’s company, to ask for an explanation, since they had installed both the virtual server (VPS) and WordPress.

How is it possible that the site had been hacked?!

The sysadmin, a bit disappointed, assured me that the installation had been performed according to established guidelines and that it was impossible that the site had been hacked, since the virtual server had just been created, installing the usual operating system (Ubuntu 20.04) with the usual security guidelines, and that WordPress had been installed automatically, using the latest release (5.9.2), that there was no plugin installed and that it was using the basic theme 2022…

The game was getting more and more intricate…

The only way to find out was to look at the web server’s log file (Nginx in this case) and look for any signs of compromise!

1) “GET /wp-admin/install.php HTTP/1.1” 200 13315 “-” “curl/7.74.0”
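The log review described above, as an added example (not code from the original post): a small Python filter over Nginx combined-format lines that flags 200 responses from the WordPress installer and from dot-prefixed PHP files under wp-includes. The sample lines, IP addresses, timestamps and the `.sample.php` file name are constructed, and the list of scripted clients is an assumption.

```python
import re

# Nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"'
)
# Installer endpoint seen in the post's log entry; any 200 here deserves a look.
INSTALLER_RE = re.compile(r'^/wp-admin/install\.php')
# Dot-prefixed PHP file anywhere under wp-includes, like the file the plugin reported.
HIDDEN_PHP_RE = re.compile(r'^/wp-includes/(?:[^?]*/)?\.[^/?]+\.php')
# Assumed list of non-browser clients; extend it for your environment.
SCRIPTED_AGENT_RE = re.compile(r'^(curl|wget|python-requests|go-http-client)', re.I)


def review(lines):
    """Return (reason, ip, time, request) tuples for lines worth a manual look."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path, status = m["path"], int(m["status"])
        request = f'{m["method"]} {path} -> {status} ({m["size"]} bytes)'
        if status != 200:
            continue  # redirects and errors are not flagged here
        if INSTALLER_RE.match(path):
            reason = "installer answered"
            if SCRIPTED_AGENT_RE.match(m["agent"]):
                reason += " to a scripted client"
            findings.append((reason, m["ip"], m["time"], request))
        elif HIDDEN_PHP_RE.match(path):
            findings.append(("hidden PHP file served", m["ip"], m["time"], request))
    return findings


# Constructed sample lines (documentation IP ranges, made-up timestamps and file name).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2022:10:00:01 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 13315 "-" "curl/7.74.0"',
    '203.0.113.20 - - [01/Jan/2022:10:05:00 +0000] "GET /wp-includes/.sample.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2022:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2022:10:07:00 +0000] "GET /wp-admin/install.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(" | ".join(finding))
```

Comparing the timestamp of the first installer hit with the time the site was provisioned shows whether someone reached the setup page before the owner did.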