Possible Successful Probes in Logwatch


#1

Hello, I get the following warning messages in my Logwatch each week. None of the themes or plugins listed exist. From what I can tell, nothing has been breached/hacked, but I wanted to check here. I have a standard EasyEgine install on Ubuntu.

A total of 16 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):

    /wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/SMWF/inc/download.php?file=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP Response 301
    /wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP Response 301
    /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP Response 301
    /wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php HTTP Response 301
    /wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP Response 301
    /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP Response 301
    /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php HTTP Response 301
    /wp-content/themes/epic/includes/download.php?file=../../../../wp-config.php HTTP Response 301

#2

I would be concerned if they were ‘HTTP Response 200’.


#3

Thank you, the only time I got than was:

 A total of 1 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

    null HTTP Response 200

#4

Hi @mdotk

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile:


#5