I’m running a WordPress blog on a Compute Engine VM on Google Cloud. A few days ago, I received an email from Google telling me that a potential violation of their Acceptable Use Policy has been detected:
We have recently detected that your Google Cloud Project wordpress-blog (id: xxxxxx) IP XX.XXX.XXX.XXX has been performing intrusion attempts against a third-party and appears to be violating our Terms of Service. You can fix the problem by ensuring that your project traffic directed at third-parties is expected, and that your project has not been compromised. Please check the traffic originating from all your instances and fix any other instances that may be impacted by this.
I submitted an appeal where I explained to them that I was not aware of the situation and asked for more details. They gave me a log from BitNinja with the malicious attempts. Let me give a sample:
XXX.XXX.XXX.XXX - - [23/Aug/2020:15:20:43 +0200] "GET /wp-admin/admin-ajax.php?action=ave_publishPost&title=random&short=1&term=1&thumb=../wp-config.php HTTP/1.0" 400 595 "-" "Mozilla"
SenseLog id [80_1_013] Message Remote connection: [XXX.XXX.XXX.XXX:59662] Headers: [array ( 'Host' => 'in###ar.ru', 'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36', 'Connection' => 'close', 'Content-Length' => '0', 'Content-Type' => 'application/x-www-form-urlencoded', 'Accept-Encoding' => 'gzip', )]
I tried to see my own logs but didn’t find anything suspicious. Could you please give me some advice on what steps I could follow to disinfect my machine? I’m running Ubuntu 20.04 LTS.
Montassar Billeh Hazgui was right. I indeed found a known threat with the GOTMLS plugin. I hope the issue is resolved.
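An added example, not part of the original post and not BitNinja's own tooling: it turns one line of an abuse report like the sample above into the fields needed to look for the same outbound connection in the VM's own records (UTC time, source port, destination host) and flags query parameters that carry a directory traversal. The function name, the field names, and the sample addresses are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the report excerpt in the question;
# 203.0.113.10 and victim.example are placeholder documentation values.
REPORT = (
    '203.0.113.10 - - [23/Aug/2020:15:20:43 +0200] '
    '"GET /wp-admin/admin-ajax.php?action=ave_publishPost&title=random'
    '&short=1&term=1&thumb=../wp-config.php HTTP/1.0" 400 595 "-" "Mozilla" '
    "SenseLog id [80_1_013] Message Remote connection: [203.0.113.10:59662] "
    "Headers: [array ( 'Host' => 'victim.example', 'Connection' => 'close', )]"
)

ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
REMOTE = re.compile(r'Remote connection: \[([^\]]+):(\d+)\]')
HOST = re.compile(r"'Host'\s*=>\s*'([^']*)'")

def parse_report_line(line):
    """Return the fields needed to search for this connection on the VM."""
    m = ACCESS.match(line)
    if not m:
        raise ValueError("not a combined-log-format line")
    src_ip, ts, method, target, status = m.groups()
    # The report uses the reporter's local offset; local logs are easier
    # to search once everything is normalised to UTC.
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    # Parameters whose value contains a ".." path segment.
    traversal = {k: v for k, vs in params.items() for v in vs if ".." in v.split("/")}
    remote = REMOTE.search(line)
    host = HOST.search(line)
    return {
        "utc_time": when.isoformat(),
        "src_ip": src_ip,
        "src_port": int(remote.group(2)) if remote else None,
        "dst_host": host.group(1) if host else None,
        "method": method,
        "path": url.path,
        "action": params.get("action", [None])[0],
        "traversal_params": traversal,
        "status": int(status),
    }

if __name__ == "__main__":
    for key, value in parse_report_line(REPORT).items():
        print(f"{key}: {value}")
```

The UTC time and source port are the values to match against whatever connection records exist for the instance; the request path and parameters show what the process on the VM was sending, which helps when searching files on disk for the same strings.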