According to the report of team Wordfence
At
the end of the may wordfence has detected over 130 million attacks caught and
blocked
attackers
are are targeting at older vulnerabilities in outdated plugins or themes that
allows to download the file wp-config.php,
these file contains database, databases credentials, and connection information, plus authentication
An attacker with access to this file could gain access to the site’s database, where site content and users are stored cookies using xss bug
below some of attacking IP addresses in this campaign are listed
200.25.60.53
194.60.254.42
31.131.251.113
107.170.19.251
188.165.195.184
192.254.68.134
93.190.140.8
you should chance your database password and authentication unique keys and salts immediately.
If your server is configured to allow remote database access
- An attacker with your database credentials could
- Add an administrative user,
- Stealing sensitive data
- delete your site altogether.
using your security authentication keys and passwords
how to know your website was attacked or not
in your server logs. Look for any log entries containing wp-config.php in the query string that returned a200response code.
JAI HIND
let me know your thoughts Email
