Portal Home > Knowledgebase > Articles Database > Strange Attack or Plugin causing high diskio
Strange Attack or Plugin causing high diskio
Posted by SAHostKing, 02-20-2015, 03:41 AM |
Hi guys,
Noticed server load was going up where it usually is 0.85 to over 4+, I checked via lvetop and found that one site was causing it. Checked the accces_logs of the site and noticed all these.
1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6517 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6522 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6517 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6580 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6514 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4- - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6520 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4- - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite"
1.2.3.4 - - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite"
It's a Wordpress site and there is no forum folder. Any idea what could be the issue?
|
Posted by SAHostKing, 02-20-2015, 03:44 AM |
Oh found in .htaccess there was some weird redirect. I removed it and it is better now.
|
Posted by WPCYCLE, 02-20-2015, 10:54 AM |
You should also investigate how the redirect was added to your htaccess file.
|
Posted by Truman, 02-21-2015, 02:25 PM |
A thorough scan of your website files using a malware scanner would be a good move here. Also disable any plugins or themes configured in wordpress that are no longer needed as most of the exploits occur through them.
Last edited by Truman; 02-21-2015 at 02:29 PM.
|
Add to Favourites Print this Article
Also Read