OP 28 June, 2024 - 12:25 PM
After a brute-force attempt (many POST requests to "wp-login.php" from host 10.0.1.85) there were a couple of requests to admin-ajax.php, followed by a response from the server (host 10.0.1.88). Further connection is conducted via SSH. Could this signal that the user guessed the admin password? Or is it not related at all?
Then, after the SSH connection, some values appear in a POST request to wp-admin-support; with the subsequent request the values change.
Also, I have a question about the cookies: if I understand correctly, they are not from a normal user?
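One way to check whether a wp-login.php brute-force run like the one described above ended in a successful login, as an added example that is not part of the original post. It assumes stock WordPress behaviour (HTTP 200 on a failed login, HTTP 302 plus a `wordpress_logged_in_*` cookie on success); the records, the second host and the cookie name are constructed, and `assess_bruteforce` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed sample (not from the original capture): one tuple per HTTP
# exchange: (source, method, path, response status, Set-Cookie names).
FAILED = ("10.0.1.85", "POST", "/wp-login.php", 200, [])
SAMPLE = [FAILED] * 6 + [
    ("10.0.1.85", "POST", "/wp-login.php", 302,
     ["wordpress_logged_in_0123abcd"]),            # constructed cookie name
    ("10.0.1.85", "POST", "/wp-admin/admin-ajax.php", 200, []),
    ("10.0.1.85", "POST", "/wp-admin/admin-ajax.php", 200, []),
    ("10.0.1.90", "POST", "/wp-login.php", 200, []),  # constructed host
]


def assess_bruteforce(records, min_failures=5):
    """Summarise wp-login.php activity per source host.

    Assumes stock WordPress behaviour: a failed login re-renders the form
    (HTTP 200), a successful one answers 302 and sets a cookie whose name
    starts with "wordpress_logged_in_".
    """
    state = defaultdict(lambda: {"failures": 0, "success_at": None,
                                 "ajax_after": 0})
    for index, (src, method, path, status, cookies) in enumerate(records):
        host = state[src]
        if method == "POST" and path.startswith("/wp-login.php"):
            logged_in = any(c.startswith("wordpress_logged_in_")
                            for c in cookies)
            if status == 302 and logged_in:
                if host["success_at"] is None:
                    host["success_at"] = index
            elif host["success_at"] is None:
                host["failures"] += 1
        elif path.startswith("/wp-admin/admin-ajax.php"):
            # admin-ajax.php also serves unauthenticated actions, so only
            # requests after a confirmed login are counted as follow-up.
            if host["success_at"] is not None:
                host["ajax_after"] += 1
    for host in state.values():
        host["likely_guessed"] = (host["failures"] >= min_failures
                                  and host["success_at"] is not None)
    return dict(state)


if __name__ == "__main__":
    for src, summary in assess_bruteforce(SAMPLE).items():
        print(src, summary)
```

A source is flagged only when a run of failed logins is followed by a 302 that sets the login cookie; admin-ajax.php traffic on its own is not treated as evidence.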