
Question about unusual traffic in AWStats reports (8 posts)

  1. tomdkat
    Member
    Posted 1 year ago #

    Hi! I'm running WordPress 3.4.2 on a shared hosting server at Hostgator.com. WordPress runs great and I've taken measures to reduce, if not prevent, login attempts from unauthorized parties.

    I've noticed in the AWStats reports for the site a very high number of referring pages to my site that appear to come from other WordPress installations.

    Here's an example of what I'm seeing:

    - http://somesite.com/wp-login.php
    - http://someothersite.com/wp-login.php

    A referring page like these appears in the report and shows the number of times the link was "clicked" to access my site. Also, "wp-login.php" is the most viewed page on the site. :)

    My question is: do the above refering pages mean someone is trying to use ANOTHER WordPress installation to hack into my WordPress installation? My site is static HTML and the blog is WordPress. It just seems odd that a hacker would be able to use another WordPress login page to somehow hack into my blog.

    Any thoughts?

    Thanks in advance!

    Peace...

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    It's probably just a badly-configured bot trying to access your site's admin. As long as you keep WordPress up to date and have a good, strong, password, you should be fine. Even if it eventually gets the url right.

  3. tomdkat
    Member
    Posted 1 year ago #

    Thanks. I do keep WordPress up to date, along with the plugins I have installed, and I have a very strong password in place. I was thinking maybe the referring page was being spoofed/forged by some bot to hide its tracks in the server logs, but I wanted to make sure it wasn't a case of them using a WordPress login.php script on some other site to try to hack into my blog.

    Thanks!

    Peace...

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    I wanted to make sure it wasn't a case of them using a WordPress login.php script on some other site to try to hack into my blog

    That would really be a question that is best handled by your hosts. Is the other url on the same server as your site? If it is, is it also using WordPress 3.4.2? Do the hosts sandbox sites to avoid cross-site hacks?

  5. tomdkat
    Member
    Posted 1 year ago #

    Great question! I'll see what I can find out about the URLs I'm seeing in my log. If the referenced sites are on the same server as my site, I'll contact Hostgator support.

    If they are not, what could that mean?

    Thanks!

    Peace...

  6. esmi
    Forum Moderator
    Posted 1 year ago #

    Then we're just back to "badly configured hacker/bot" again. :-)

  7. tomdkat
    Member
    Posted 1 year ago #

    Ok, I can deal with that. :)

    I looked at some of the URLs appearing in the AWStats report and they are all in the US but not on the same server as my site.

    Thanks!

    Peace...

  8. tomdkat
    Member
    Posted 1 year ago #

    Ok, just to make sure there isn't any kind of obscure security issue at work here, I'm seeing entries like this in my raw Apache access log file:

    [IP.ADDR.IN.CHINA] - - [03/Dec/2012:20:59:58 -0600] "GET /blog/wp-login.php?action=register HTTP/1.1" 200 1161 "http://www.(adult-site).info/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"

    Is there any way to remotely login or register an account from one WordPress installation to another? Or would this be indicative of some kind of cross site scripting issue?

    Thanks!

    Happy New Year!

    Peace...
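
As an added example (not part of the thread and not written by its participants), this Python sketch tallies wp-login.php requests in an Apache combined-format access log whose Referer is a wp-login.php on a different host, the pattern in the log line quoted in the last post. The host names, IP addresses and log lines are constructed; the Referer header is supplied by the client, so the tally records what the client claimed, not where the request came from.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def foreign_login_referers(lines, own_hosts):
    """Count wp-login.php hits whose Referer is wp-login.php on another host.

    Returns (hits per client address, hits per claimed referring host)."""
    own = {h.lower() for h in own_hosts}
    by_client, by_ref = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        try:
            target, ref = urlsplit(m["target"]), urlsplit(m["referer"])
            ref_host = (ref.hostname or "").lower()
        except ValueError:
            continue  # unparsable URL in the request or Referer
        if not target.path.endswith("/wp-login.php"):
            continue
        # A Referer of "-" has no hostname and is skipped here.
        if ref_host and ref_host not in own and ref.path.endswith("/wp-login.php"):
            by_client[m["host"]] += 1
            by_ref[ref_host] += 1
    return by_client, by_ref

# Constructed sample lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Dec/2012:20:59:58 -0600] "GET /blog/wp-login.php?action=register HTTP/1.1" 200 1161 "http://other-blog.example/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"',
    '203.0.113.7 - - [03/Dec/2012:21:00:03 -0600] "POST /blog/wp-login.php HTTP/1.1" 200 1161 "http://third-blog.example/wp-login.php" "Mozilla/5.0"',
    '198.51.100.20 - - [03/Dec/2012:21:05:10 -0600] "POST /blog/wp-login.php HTTP/1.1" 302 0 "http://mysite.example/blog/wp-login.php" "Mozilla/5.0"',
    '198.51.100.20 - - [03/Dec/2012:21:05:11 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    clients, referers = foreign_login_referers(SAMPLE_LOG, {"mysite.example"})
    print("clients:", dict(clients))
    print("claimed referring hosts:", dict(referers))
```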

Topic Closed

This topic has been closed to new replies.
