This file is Exploitable for DDOS attack:
It’s the only file that makes us trouble when we are attacked by DDOS. What solution can we apply?
the attack is based on the query string for this file:
Ok, but the query string does not change anything, you can do this with any other file, it’s just an accident that the attacker has chosen this file
Ok, thank you.
I protected the site with a Firewall from Sucuri, and that company sent me this message regarding this file and another one:
“Any .php file deep inside wp-content will have it’s directly access blocked by the Firewall, since most of the cases those files accessed directly are backdoors. Well coded plugins/themes do not load php files directly, they usually use AJAX instead:
The file is needed to add the changes in the theme options to the website. All premium themes where you can change colors and backgrounds need to use this method, another way is to add the content of the file in the header, but this is not good for SEO, that’s why we never used it in our themes…
I found another solution. I copied the content generated by this file into a new static CSS file and I replaced in the callcripts.php the path to the new CSS file. Of course, I can not make customizations from the admin menu, I will make them from that static file separately. However, the CPU load on the server is reduced, because the new file is static and does not involve php.
yes, that’s a way to “remove” the file. I’m glad you found a solution.
You must be logged in to reply to this topic.