Attackers - Large scale attack campaign tragets database credentials - database password,
Re:
https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/What they were after is wp-config.php file which may hold particular credentials:
https://www.shodan.io/search?query=wp-config.phpExample some http:// IP address -/wordpress/wp-admin/setup-config.php
Response headers PHP/7.2.29 on Apache/2.4.43 (Win64)
PHP headers vuln. - 5
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
5
CVE-2018-19935
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
5
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
5
One of such Mystery-groups involved from Perm:
https://siterankdata.com/mystery-group.ruOne of the addresses - Network:
https://www.shodan.io/host/31.131.251.113see activities of May 31st last:
https://www.abuseipdb.com/check/31.131.251.113and from France IP-address involved:
https://www.shodan.io/host/188.165.195.184Address coming soon: - 188.165.195.184 - -otzyvysotrudnikov.xyz — Coming Soon
ending in xyz:
https://www.abuseipdb.com/check/188.165.195.184and
https://www.projecthoneypot.org/ip_188.165.196.25 (malspider)
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)