Request to wp-config using the landing_site cookie

Latelly I’ve been facing a problem with a website. Checking the logs, I found the following:

2023-09-13 17:09:24.449414 [NOTICE] [2651111] [T4] [] mod_security rule [id “77350212”] at [/etc/httpd/conf/modsecurity.d/rules/custom/007_i360_4_wordpress.conf:2721] triggered!
[Wed Sep 13 17:09:24.447126 2023] [error] [client] ModSecurity: Access denied with code 403, [Rule: ‘REQUEST_FILENAME’ ‘\/[.#]?wp-config[.-][\w._-]*(?:[#~]|(?:inc|txt|tar|xml|zip|bak|old|orig(?:inal)?|save|\d|sw(?:p|o)))$’] [id “77350212”] [msg “IM360 WAF: Information Disclosure Attempt in WordPress||MV:/||T:LITESPEED||REQUEST_URI:/||”] [severity “CRITICAL”] [tag “wp_core”] [hostname “”] [uri “/”]2023-09-13 17:09:24.449440 [NOTICE] [2651111] [T4] [] Content len: 0, Request line: ‘GET / HTTP/1.1’
2023-09-13 17:09:24.449445 [INFO] [2651111] [T4] [] Cookie len: 139,; pbid=8db2b8ce1cfe4710035e9cf74386e1024f6cbc408729d133a978dfc7616ec1d8
2023-09-13 17:09:24.449448 [NOTICE] [2651111] [T4] [] Redirect: #1, URL: /index.php

This set of errors gets repeated multiple times in just a few seconds, each time trying to access a different version/name of wp-config.

Is it a possible vulnerability in the Mailchimp plugin code or settings? Because everytime this request happens, ModSecurity rules arre triggered.

Any ideas could really help.
Thank you.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer