By exploiting vulnerable files on WordPress websites, AnonymousFox can gain access to administrator accounts and the server root. With root file access, AnonymousFox can quickly take over your hosting cPanel by changing the contact information and the cPanel account password. Remember that, with cPanel access, AnonymousFox can contaminate other websites as well.
Bots and hacker groups automatically scan websites for vulnerabilities. They usually request known folders and files to find out whether your website has already been infected with malware, whether a file has been planted on it, whether it runs a public plugin with a known vulnerability, or whether a backdoor has simply been left behind. To protect against these constant attacks, add custom rules to the Cloudflare Web Application Firewall. Commonly probed paths include:
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/wp-content/langar.php
/.env
/up.php
/upload.php
/wp-content/mu-plugins/db-safe-mode.php
/wp-includes/small.php
/wp-includes/lfx.php
/wp-content/plugins/ubh/up.php
/old-index.php
/wp-1ogin_bak.php
/wp-content/wp-1ogin_bak.php
/cindex.php
/wp-booking.php
/alfa.php
/alfindex.php
/boom.php?x
/wp-content/plugins/backup_index.php
/wp-content/db_cache.php
/admin.php
/moduless.php
/style.php
/wp-content/plugins/t_file_wp/t_file_wp.php?test=hello
/adminer.php
- /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css
- /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
- /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
- /wp-content/langar.php
- /test.php?Ghost=send
- /config.php
- /upload.php
- /up.php
- /wp-includes/small.php
- /wp-includes/lfx.php
- /wp-content/mu-plugins/db-safe-mode.php
- /legion.php
- /wp-content/wp-old-index.php?action=login&pass=-1&submit=
- /haders.php
- /wp-content/plugins/wpconfig.bak.php?act=sf
- /wp-content/plugins/ubh/up.php
- /wp-includes/css/wp-config.php
- /wp-content/plugins/config.bak.php
- /wp-content/themes/config.bak.php
- /wp-includes/config.bak.php
- /wp-content/config.bak.php
- /wp-admin/config.bak.php
- /config.bak.php
- /old-index.php
- /wp-includes/css/css.php
- /wp-includes/fonts/css.php
- /wp-1ogin_bak.php
- /wp-content/wp-1ogin_bak.php
- /cindex.php
- /wp-booking.php
- /alfa.php
- /alfindex.php
- /th3_err0r.php?php=https://rentry.co/yu8xc/raw
- /larva.php?idb=https://rentry.co/yu8xc/raw
- /wpindex.php?idb=https://rentry.co/yu8xc/raw
- /xmlrp.php?url=https://rentry.co/yu8xc/raw
- /wp-content/plugins/ioptimization/IOptimize.php?rchk
- /wp-content/db_cache.php
- /wp-content/plugins/backup_index.php
- /boom.php?x
- /?3x=3x
- /index.php?3x=3x
- /admin.php
- /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello
- /moduless.php
- /style.php
Cloudflare WAF Rule to Block These
The field http.request.uri.path never includes the query string, so the entries that carry one are matched against http.request.uri (path plus query) in a separate set. The contains clauses block every URL under /blog/, /site/ and /old/, so remove them if your site serves content there.
(http.request.uri.path contains "/blog/") or (http.request.uri.path contains "wp-class.php") or (http.request.uri.path contains "/site/") or (http.request.uri.path contains "/old/") or (http.request.uri.path in {"/test.php" "/upload.php" "/config.php" "/wp-content/langar.php" "/.env" "/up.php" "/wp-content/mu-plugins/db-safe-mode.php" "/wp-includes/small.php" "/wp-includes/lfx.php" "/wp-content/plugins/ubh/up.php" "/old-index.php" "/wp-1ogin_bak.php" "/wp-content/wp-1ogin_bak.php" "/cindex.php" "/wp-booking.php" "/alfa.php" "/alfindex.php" "/wp-content/plugins/backup_index.php" "/wp-content/db_cache.php" "/admin.php" "/moduless.php" "/style.php" "/adminer.php" "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" "/haders.php" "/wp-content/plugins/wpdiscuz/themes/default/style-rtl.css" "/legion.php" "/wp-includes/css/wp-config.php" "/wp-content/plugins/config.bak.php" "/wp-content/themes/config.bak.php" "/wp-includes/config.bak.php" "/wp-content/config.bak.php" "/wp-admin/config.bak.php" "/config.bak.php" "/wp/" "/wordpress/"}) or (http.request.uri in {"/boom.php?x" "/wp-content/plugins/t_file_wp/t_file_wp.php?test=hello" "/test.php?Ghost=send" "/wp-content/wp-old-index.php?action=login&pass=-1&submit=" "/wp-content/plugins/wpconfig.bak.php?act=sf" "/th3_err0r.php?php=https://rentry.co/yu8xc/raw" "/larva.php?idb=https://rentry.co/yu8xc/raw" "/wpindex.php?idb=https://rentry.co/yu8xc/raw" "/xmlrp.php?url=https://rentry.co/yu8xc/raw" "/wp-content/plugins/ioptimization/IOptimize.php?rchk" "/?3x=3x" "/index.php?3x=3x"})
https://hogarth45.medium.com/php-backdoor-file-analysis-8ac4d3b0d885
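
A WAF rule stops future requests, but it does not tell you whether one of these files already exists on the server. The script below is an added example, not part of the original post: it scans access-log lines for the probe paths and separates blind probes from requests that were actually served. The combined log format, the sample lines, the function name `triage` and the choice of paths (a subset of the lists above) are assumptions.

```python
# Added example: triage web access-log hits on the probe paths listed above.
# Path set is a subset of this page's lists; log lines below are constructed.
import re

PROBE_PATHS = {
    "/alfa.php", "/alfindex.php", "/up.php", "/upload.php", "/.env",
    "/boom.php", "/adminer.php", "/wp-1ogin_bak.php", "/wp-content/langar.php",
    "/wp-includes/lfx.php", "/wp-content/mu-plugins/db-safe-mode.php",
    "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
}
# Probes aimed at "/" or "/index.php" are only recognisable by their query string.
PROBE_QUERIES = {"3x=3x"}

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def triage(lines):
    """Return (ip, target, status, verdict) for every request that hits a probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, target, status = m.groups()
        path, _, query = target.partition("?")
        if path in PROBE_PATHS:
            # A 2xx answer means the file exists and was served: inspect it.
            verdict = "investigate" if status.startswith("2") else "probe-only"
        elif query in PROBE_QUERIES:
            # "/" answers 200 on any site, so the status proves nothing here.
            verdict = "inconclusive"
        else:
            continue
        findings.append((ip, target, int(status), verdict))
    return findings

SAMPLE = [  # constructed log lines, documentation IP ranges
    '203.0.113.7 - - [10/Mar/2024:04:12:01 +0000] "GET /alfa.php HTTP/1.1" 404 153 "-" "python-requests/2.28"',
    '203.0.113.7 - - [10/Mar/2024:04:12:02 +0000] "GET /wp-content/langar.php HTTP/1.1" 200 48 "-" "python-requests/2.28"',
    '198.51.100.23 - - [10/Mar/2024:04:15:40 +0000] "GET /?3x=3x HTTP/1.1" 200 51234 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2024:04:16:00 +0000] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:04:12:03 +0000] "POST /boom.php?x HTTP/1.1" 403 0 "-" "python-requests/2.28"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

Any "investigate" row points at a file to examine on disk; "inconclusive" rows call for checking index.php itself, since the response code cannot show whether the parameter was handled.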