wtyczki – Jak rozpoznać atak złośliwego oprogramowania na stronę Woocommerce?
Mam witrynę WooCommerce hostowaną na serwerze Ubuntu Apache. Zauważyłem, że witryna staje się bardzo wolna w pewnych momentach. Zaktualizowałem WordPressa i wszystkie wtyczki. Sprawdziłem plik dziennika Apache i znalazłem następujące wpisy:
Wed Aug 07 13:08:08.349050 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/alfanew.php' not found or unable to stat
[Wed Aug 07 13:08:08.999283 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/wsoyanz.php' not found or unable to stat
[Wed Aug 07 13:08:09.088471 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/yanz.php' not found or unable to stat
[Wed Aug 07 13:08:11.022433 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/cache-compat.php' not found or unable to stat
[Wed Aug 07 13:08:11.131255 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/ajax-actions.php' not found or unable to stat
[Wed Aug 07 13:08:12.068779 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/wp-consar.php' not found or unable to stat
[Wed Aug 07 13:08:12.169191 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/repeater.php' not found or unable to stat
[Wed Aug 07 13:08:12.223212 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/admin-post.php' not found or unable to stat
[Wed Aug 07 13:08:12.392935 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/dropdown.php' not found or unable to stat
[Wed Aug 07 13:08:12.429881 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/about.php' not found or unable to stat
[Wed Aug 07 13:08:12.470249 2024] [php:error] [pid 62408] [client 52.169.90.133:11743] script '/var/www/html/admin.php' not found or unable to stat
[Wed Aug 07 13:08:15.971292 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/xmrlpc.php' not found or unable to stat
[Wed Aug 07 13:08:19.227852 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/smaxx.php' not found or unable to stat
[Wed Aug 07 13:08:22.046575 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/sx.php' not found or unable to stat
[Wed Aug 07 13:08:23.534227 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/install.php' not found or unable to stat
[Wed Aug 07 13:08:23.701598 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/gel4y.php' not found or unable to stat
[Wed Aug 07 13:08:24.096779 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/comfunctions.php' not found or unable to stat
[Wed Aug 07 13:08:25.561381 2024] [php:error] [pid 62432] [client 52.169.90.133:3101] script '/var/www/html/class.api.php' not found or unable to stat
[Wed Aug 07 13:08:25.588627 2024] [php:error] [pid 62432] [client 52.169.90.133:3101]
Czy to może wskazywać na atak malware? Jak mogę to rozwiązać? Ponadto, nie ma żadnych plików w katalogu /var/www/html; pliki mojej witryny są hostowane w innym katalogu. Czy atak jest skierowany na wyświetlany adres IP?
