L'ultimo giorno ho notato che il mio sito wordpress è stato violato e una shell backdoor PHP è stata installata sul mio sito.
Virus scanner ha segnalato che un file di plug-in si trova nella mia wp-content/uploads
che non ho caricato personalmente. Comprendeva un plugin per wordpress più alcune shell php.
Non so come sia stato inserito questo file, utilizzando questo file, l'hacker potrebbe accedere alla cartella principale del mio host, creare file e modificare i permessi del file per consentirne l'esecuzione.
Non so come possa aiutare l'hacker e qual è stato il vantaggio per lui / lei, ma lui / lei è riuscito a creare un file sul mio host e rivendicare il mio sito come sua proprietà su google search console. Voglio sapere:
- Come posso trovare il buco di sicurezza sul mio sito?
- Qual è stato il vantaggio per l'hacker di rivendicare il mio sito come sua proprietà sulla console di ricerca di Google? L'ho rimosso dalla console di ricerca di google del mio sito ma desidero conoscere i rischi che potrebbe comportare per me.
Sto usando wordpress 4.6.9, ho usato plain-ftp qualche volta per i trasferimenti di file che immagino possa mettermi nei guai ma non ne sono sicuro. Ho anche notato un cambiamento nelle dimensioni del database e dell'uso del disco host.
> [09/May/2018:11:23:46 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45264 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
[09/May/2018:12:01:48 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45165 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
[09/May/2018:12:22:13 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
[09/May/2018:12:22:15 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[09/May/2018:12:22:17 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 17044 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[09/May/2018:12:22:19 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1"
[09/May/2018:12:22:20 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1"
[09/May/2018:12:22:27 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16927 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[09/May/2018:12:22:29 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1"
09/May/2018:12:22:31 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 17044 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
[09/May/2018:12:22:34 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 48900 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
[10/May/2018:08:28:53 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:28:57 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:28:59 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:02 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:04 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:06 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99033 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:08 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99062 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:11:08:58 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45215 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)"
[11/May/2018:08:51:13 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45110 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2913.70 Safari/537.36"
[16/May/2018:06:33:19 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45322 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:51.0) Gecko/20100101 Firefox/51.0"
[16/May/2018:09:11:02 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 48747 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
[16/May/2018:09:11:06 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
[16/May/2018:09:11:08 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
[16/May/2018:09:11:20 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:25 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16891 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:29 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16941 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
- [16/May/2018:09:11:32 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 16963 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
- [16/May/2018:09:11:35 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 16891 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:27 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 40109 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[17/May/2018:16:16:14 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:16 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:18 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:21 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:23 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:26 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99676 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:28 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99676 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[23/May/2018:16:46:27 +0430] "POST /wp-content/plugins/background-image-cropper/wp-post.php HTTP/1.1" 404 81920 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[23/May/2018:16:46:57 +0430] "POST /wp-content/uploads/kc_extensions/background-image-cropper/wp-post.php HTTP/1.1" 404 99574 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[24/May/2018:15:40:32 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45263 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2904.89 Safari/537.36"
[28/May/2018:14:35:16 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45712 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)"
[29/May/2018:12:22:32 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 90112 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[30/May/2018:01:44:44 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45559 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 5.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2703.62 Safari/537.36"
[31/May/2018:05:44:23 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:05:44:24 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:05:44:25 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:10:04:27 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:29 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100303 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:31 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:33 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:37 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:39 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100560 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:42 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100560 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[01/Jun/2018:09:38:38 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:40 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100310 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:43 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:47 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:16:06:12 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101532 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[01/Jun/2018:16:06:19 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101503 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[01/Jun/2018:16:06:25 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101532 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:00 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:05 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:11 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[07/Jun/2018:16:40:49 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 90112 "my.site" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[07/Jun/2018:23:28:13 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 98304 "my.site" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[09/Jun/2018:14:32:25 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.zip HTTP/1.1" 404 101833 "http://my.site/wp-content/uploads/2018/05/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:33 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.zip HTTP/1.1" 404 101833 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:44 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.zip HTTP/1.1" 404 24684 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/05/Image_4-1-310x165.jpg HTTP/1.1" 200 13261 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/03/3338870a59339803fde5c832a78dc735-310x165.jpg HTTP/1.1" 200 12743 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/04/%D8%AD%D9%85%D8%A7%D9%85-1-310x165.jpg HTTP/1.1" 200 12613 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/05/Image_10-310x165.jpg HTTP/1.1" 200 19456 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "GET /wp-content/plugins/WP_Visual_Chat/assets/images/administrator-2-128.png HTTP/1.1" 200 2999 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "POST /?wc-ajax=get_refreshed_fragments HTTP/1.1" 200 411 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 35 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"