Knowledgebase

Portal Home > Knowledgebase > Articles Database > Strange Attack or Plugin causing high diskio


Strange Attack or Plugin causing high diskio




Posted by SAHostKing, 02-20-2015, 03:41 AM
Hi guys, Noticed server load was going up where it usually is 0.85 to over 4+, I checked via lvetop and found that one site was causing it. Checked the accces_logs of the site and noticed all these. 1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6517 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6522 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6517 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:22 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6580 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6514 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4- - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6520 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4- - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite" 1.2.3.4 - - [20/Feb/2015:09:36:23 +0200] "GET /forums/?p=activity.json HTTP/1.1" 404 6516 "-" "WordPress/4.1.1; http://clientsite" It's a Wordpress site and there is no forum folder. Any idea what could be the issue?
Posted by SAHostKing, 02-20-2015, 03:44 AM
Oh found in .htaccess there was some weird redirect. I removed it and it is better now.
Posted by WPCYCLE, 02-20-2015, 10:54 AM
You should also investigate how the redirect was added to your htaccess file.
Posted by Truman, 02-21-2015, 02:25 PM
A thorough scan of your website files using a malware scanner would be a good move here. Also disable any plugins or themes configured in wordpress that are no longer needed as most of the exploits occur through them. Last edited by Truman; 02-21-2015 at 02:29 PM.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Web Host announces platform-independent tech. support for WordPress, other web apps (Views: 615)
Godaddy Standard SSL for Resellers (Views: 632)
Help! Can someone explain WHMap recurring billing via paypal (Views: 597)
Dedicated Server @ ThePlanet -Reboot question (Views: 605)
Green Web Hosting launched by NSDesign (Views: 612)