Hacked via PPOM Upload
Tagged: ppom hack upload php
- This topic has 1 reply, 2 voices, and was last updated 3 years, 4 months ago by Jane Brian.
May 26, 2021 at 9:36 am #24888 Mark (Participant)
My website was hacked. It appears the bad man was able to upload a jpeg file with php code that allowed them to upload more php.
103.148.77.171 – – [24/May/2021:09:13:39 -0700] “GET /wp-content/themes/vegpoint-old/images/megnor/go_to_top.png HTTP/2.0” 200 2022 “https://website.com/wp-content/themes/vegpoint-old/style.css?ver=1.0” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:12 -0700] “GET /wp-content/themes/vegpoint-old/images/loader.svg HTTP/2.0” 200 553 “https://website.com/wp-content/themes/vegpoint-old/css/megnor/woocommerce.css?ver=5.7.2” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:13 -0700] “POST /wp-admin/admin-ajax.php HTTP/2.0” 200 652 “https://website.com/product/ultra-elite-director-package-5x/” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:13 -0700] “GET /wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.jpg?nocache=1621872853 HTTP/2.0” 200 6196 “https://website.com/product/ultra-elite-director-package-5x/” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:13 -0700] “GET /wp-content/uploads/ppom_files/thumbs/o_1f6fifd5v8op1ug85evcap1mhs9.jpg?nocache=1621872853 HTTP/2.0” 200 5050 “https://website.com/product/ultra-elite-director-package-5x/” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:22 -0700] “POST /wp-admin/admin-ajax.php HTTP/2.0” 200 354 “https://website.com/product/ultra-elite-director-package-5x/” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:27 -0700] “GET /wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.jpg?nocache=1621872853 HTTP/2.0” 304 0 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:31 -0700] “GET /wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.php HTTP/2.0” 200 6945 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:31 -0700] “GET /favicon.ico HTTP/2.0” 200 7406 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:37 -0700] “POST /wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.php HTTP/2.0” 200 6953 “https://website.com/wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.php” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:49 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5 HTTP/2.0” 200 3051 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:53 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd HTTP/2.0” 200 1202 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:14:55 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd HTTP/2.0” 200 2039 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:01 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd HTTP/2.0” 200 1212 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:06 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd HTTP/2.0” 200 1236 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:07 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com HTTP/2.0” 200 2934 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:09 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com&do=cmd HTTP/2.0” 200 1151 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:21 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com HTTP/2.0” 200 3021 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:23 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1 HTTP/2.0” 200 2528 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:15:26 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=edit&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/config.json HTTP/2.0” 200 1958 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/config.json” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:17 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=edit&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/config.json HTTP/2.0” 200 2049 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=edit&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/config.json” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:19 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd HTTP/2.0” 200 1170 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=edit&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/config.json” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:22 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd HTTP/2.0” 200 1175 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:25 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1 HTTP/2.0” 200 2583 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:26 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1856 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:30 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1856 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:37 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1856 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:39 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1856 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:40 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1856 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:42 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd HTTP/2.0” 200 1170 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:45 -0700] “POST /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd HTTP/2.0” 200 1230 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:47 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1 HTTP/2.0” 200 2583 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:49 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1 HTTP/2.0” 200 2583 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1&do=cmd” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:16:50 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1877 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:17:12 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1894 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:17:37 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 1962 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:18:32 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2062 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:19:26 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2090 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:19:44 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2107 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:20:21 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2119 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:22:41 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2217 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:24:17 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=view&dir=/var/www/vhosts/website.com/xmrig-6.12.1&file=/var/www/vhosts/website.com/xmrig-6.12.1/log.txt HTTP/2.0” 200 2317 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/xmrig-6.12.1” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:28:24 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=delete&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&file=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.php HTTP/2.0” 200 1133 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
103.148.77.171 – – [24/May/2021:09:28:25 -0700] “GET /wp-content/uploads/ppom_files/defaults.php?Fosforo5&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files HTTP/2.0” 200 3021 “https://website.com/wp-content/uploads/ppom_files/defaults.php?Fosforo5&act=delete&dir=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files&file=/var/www/vhosts/website.com/httpdocs/wp-content/uploads/ppom_files/o_1f6fifd5v8op1ug85evcap1mhs9.php” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0”
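The access log above shows an image requested from the uploads directory and, seconds later, a .php file with the same base name served with status 200 from the same directory. As an added example (not part of the original post, and not PPOM code), here is one way to scan a combined-format access log for that pattern; the sample lines, IP addresses and file names are constructed, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines (documentation IPs, placeholder file names).
SAMPLE_LOG = '''\
203.0.113.9 - - [24/May/2021:09:14:13 -0700] "POST /wp-admin/admin-ajax.php HTTP/2.0" 200 652 "-" "UA"
203.0.113.9 - - [24/May/2021:09:14:13 -0700] "GET /wp-content/uploads/ppom_files/o_sample1.jpg?nocache=1 HTTP/2.0" 200 6196 "-" "UA"
203.0.113.9 - - [24/May/2021:09:14:31 -0700] "GET /wp-content/uploads/ppom_files/o_sample1.php HTTP/2.0" 200 6945 "-" "UA"
203.0.113.9 - - [24/May/2021:09:14:49 -0700] "GET /wp-content/uploads/ppom_files/other.php?x&do=cmd HTTP/2.0" 200 3051 "-" "UA"
198.51.100.7 - - [24/May/2021:09:20:00 -0700] "GET /wp-content/uploads/2021/05/photo.jpg HTTP/2.0" 200 900 "-" "UA"
198.51.100.7 - - [24/May/2021:09:21:00 -0700] "GET /wp-content/uploads/ppom_files/gone.php HTTP/2.0" 404 0 "-" "UA"
'''

# Accepts straight or typographic quotes, since logs pasted into forums
# (as on this page) often have their quotes and dashes rewritten.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'["\u201c](?P<method>[A-Z]+) (?P<target>\S+) [^"\u201d]*["\u201d] '
    r'(?P<status>\d{3}) ')
UPLOADS = "/wp-content/uploads/"
SCRIPT_EXT = (".php", ".phtml", ".phar")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def find_upload_execution(log_text):
    """Return (ts, ip, method, path, reason) for scripts served from uploads."""
    seen_images = set()  # path without extension, for images already requested
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path.lower()  # drop the query string
        if not path.startswith(UPLOADS):
            continue
        stem, dot, ext = path.rpartition(".")
        ext = dot + ext
        if ext in IMAGE_EXT:
            seen_images.add(stem)
        elif ext in SCRIPT_EXT and m["status"].startswith("2"):
            # A 2xx here means the server answered for a script in uploads.
            reason = ("image-renamed-to-script" if stem in seen_images
                      else "script-in-uploads")
            findings.append((m["ts"], m["ip"], m["method"], path, reason))
    return findings

if __name__ == "__main__":
    for finding in find_upload_execution(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any hit means the web server is willing to run scripts from a directory that accepts user uploads, so the usual follow-up is to disable script execution for the uploads tree in the server configuration and review every file in it.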
May 26, 2021 at 9:37 am #24897 Jane Brian (Keymaster)
Hi
Sorry, but as per policy here: https://najeebmedia.com/privacy-and-refund-policies/ your support is expired, please contact sales@najeebmedia.com to renew support.