
I need help to get rid of a WordPress exploit

Discussion in 'BlackHat Lounge' started by Musudan, Jun 13, 2015.

  1. Musudan

    Musudan Newbie

    Since the first moments when a shit Fiverr started sending traffic to my site, I got many visitors trying to access www mysite com/?gf_page=upload
    I've made a search and found that this exploit is a vulnerability of the Gravity Forms plugin for WordPress, which I don't use (I use Contact Forms), but I couldn't do anything except a Wordfence scan; the VirusTotal scan was also clean.

    Please suggest what I should do. I was having fun with my 1 week old website until I hired that scum; I'm going to take care of his reputation soon.
     
  2. Apricot

    Apricot Administrator Staff Member

    It's not your vulnerability, so don't worry about it. Once hackers learn about openings like this, they'll send the ?gf_page=upload request to every WordPress site they can so that the ones with the vulnerabilities respond positively.

    If you don't have Gravity Forms, this doesn't affect you. If you do, it needs patching and cleaning fast. You can't stop the requests being made, but you can stop them having any effect.
     
  3. Musudan

    Musudan Newbie

    I've ordered a suspension of the service and the requests stopped after 30 mins ... I've also noticed that most WordPress sites have such a link.
    I'm sure that the traffic bought by the Fiverr guy to resell it is full of hackers; I won't use such a service again.

    Thank you for your support Apricot :)
     
    Last edited: Jun 13, 2015
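
Added example, not part of any post in this thread: a small access-log triage that follows the point in Apricot's reply that the ?gf_page=upload requests only matter when Gravity Forms is installed. The log lines are constructed, and the plugin directory name `gravityforms` and the WordPress root path are assumptions.

```python
import re
from collections import Counter
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, identity, user, [time], "METHOD target ...", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Jun/2015:10:01:02 +0000] "GET /?gf_page=upload HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [13/Jun/2015:10:01:03 +0000] "POST /?gf_page=upload HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [13/Jun/2015:10:02:10 +0000] "GET /index.php?gf_page=upload&x=1 HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [13/Jun/2015:10:03:00 +0000] "GET /?page=upload HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [13/Jun/2015:10:03:05 +0000] "GET /contact/ HTTP/1.1" 200 2048 "-" "-"
"""

def is_probe(target):
    """True if the request target carries gf_page=upload as a query parameter."""
    return "upload" in parse_qs(urlsplit(target).query).get("gf_page", [])

def summarize_probes(log_text):
    """Count probe requests per (client, method); unparseable lines are skipped."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_probe(m.group(3)):
            hits[(m.group(1), m.group(2))] += 1
    return hits

def gravity_forms_present(wp_root):
    """Assumption: the plugin lives in wp-content/plugins/gravityforms."""
    return (Path(wp_root) / "wp-content" / "plugins" / "gravityforms").is_dir()

def triage(log_text, wp_root):
    """Combine both checks into the decision described in the reply."""
    if not summarize_probes(log_text):
        return "no probes seen"
    if gravity_forms_present(wp_root):
        return "probes seen and plugin present: patch and clean the site"
    return "probes seen, plugin absent: background scanning"

if __name__ == "__main__":
    for (ip, method), n in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(ip, method, n)
    print(triage(SAMPLE_LOG, "/var/www/html"))  # hypothetical WordPress root
```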