WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Receiving so many Site Lockout Notifications (39 posts)

  1. SoniaTBB
    Member
    Posted 1 year ago #

    Hi,

    Generally speaking, i receive many notifications and, for example within the last 20 minutes, i've received 40 notifications !
    Obviously something is wrong with my website but i don't know what. Can anyone help me to find the problem ?

    The notifications i get are about "too many attempts to open a file that does not exist" or about "too many login attempts". First, i would like to understand what this is about exactly : what file ? what login attempts ?

    The thing is that i'm pretty sure these notifications are not warning me about a real threat.

    Thanks for your help

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    It might be the real threats.

    My site only has very little posts and has been online about a year only. Now I get some brute-force login, auto-registration, any blablabla hacking attempts almost everyday.

    WordPress is very popuplar, lots of hackers build script attempting to hack wordpress sites. If you googling, you will know that hacking a wordpress is not hard if the owner do not strengthen its default security.

    Login Attempts
    Is the attempts of hackers to try to login to your website to take over the control. Once if the success, he may blackmail you some money. I've seem some websites being hacked, and a message did appear on it asking the owner to contact the hacker.

    404 Errors
    There many possibilities about 404 errors:
    - Registration/Signup (usually for spamming purposes)
    - Missing files (hackers looking for script's vulnerability)
    - Missing files (that caused by plugins)

    If you see your plugin's name appear on the 404 error list, it can be caused by the plugin itself which mean its author doesn't write the plugin properly.

  3. SoniaTBB
    Member
    Posted 1 year ago #

    Hi

    Thanks for your answer. Actually, with that many errors, my provider considered there was an abuse or something like that and shut my website down. The provider sent me an email and we have now to fix the issue... I received at least A THOUSAND Notifications ! It's insane, i wonder where this came from !

  4. Handoko
    Member
    Posted 1 year ago #

    Yes, it's insane.

    I frequently received notifications, but not so much only several notifications in a day.

    How did you fix the issue? Did you remove the plugin or did you disable the notification feature? I'm curious to know what went wrong on your website.

    I always examine it if I receive notification email from my website. After many inspections I found that most of them are login attempts, some are signup attempts, and a few are 404 errors that caused by the plugin I'm using. Most the IPs are from Russia and China.

    Can you please post some samples of the most frequent items that appear on your Security Log here?

  5. SoniaTBB
    Member
    Posted 1 year ago #

    Hi,

    Actually the thing with my provider didnt seem to have anything to do with these notifications. It was an issue with the cache but whatever

    1st sample :
    URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg
    Referrer : http://www.soniarochel.com/baby-bath-is-care-to-share-with-baby/
    Count : 7165 !!!!!

    2nd sample :
    URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg?9d7bd4
    Referrer : (empty)
    Count : 5300 !!!

    It's so annoying... I need to do something !

  6. SoniaTBB
    Member
    Posted 1 year ago #

    If anyone wants, i can send the .csv log by email... If that can help, why not.

    I took a look at my ftp and i found /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg AND /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg?9d7bd4

    Should i delete them ? I don't even understand how people can click this because it doesn't even appear on my website

  7. Handoko
    Member
    Posted 1 year ago #

    7165 and 5300 are really crazy!

    I'm now inspecting this weird issue. So far the samples above are enough.

    Do you use caching plugin? Is yes, which one do you use? I'm using W3 Total Cache, it works without any problem with Better WP Security.

  8. SoniaTBB
    Member
    Posted 1 year ago #

    I used to use W3TC but as i told you there was an issue with my provider. They told me something like "too many accesses on :
    www/wp-content/w3tc/dbcache/". Anyway, they told me to switch to WP Super Cache

    The question is : why do i get all these notifications ?

  9. Handoko
    Member
    Posted 1 year ago #

    The question is : why do i get all these notifications ?
    wrong configuration of one or some of your plugins that cause them to be incompatible with each other or with your webhost environment.

    I used to use W3TC ...
    You were using W3TC and you get the 404 error notifications, right? But what about now, do you still get the errors after using WP Super Cache?

    You may interested to know, some days ago I just read from WordPress forum, some said W3TC database and object cache should be turn off in most cases, because they frequently incompatible with many webhost environment. Did you enable the database cache?

    I ever had bad experience with W3TC, I turn on all the caching and my front page become garbage. Now I only enable page caching, so far no problem so I won't try to change any configuration. Caching is a very complex technique, any wrong configuration may cause lots of troubles.

    If you still get lots of 404 email notifications, you may to stop the plugin sending notification emails by:
    Goto menu > Security > Intrution Detection > disable the Email 404 Notifications

    Did you examine the IPs that trigger the errors? If most of them are from same IP, it can some hacking attempts. You may copy/paste the IP to check if they're hackers:
    http://www.projecthoneypot.org/search_ip.php

  10. SoniaTBB
    Member
    Posted 1 year ago #

    Thanks for your answer

    Maybe it will help you to know more about my website (and potential incompatibility), here are the plugins i'm using :

    Akismet
    Better WP Security
    Broken Link Checker
    Jetpack by WordPress.com
    Related Posts
    Twenty Eleven Theme Extensions
    WassUp Real Time Analytics
    WordPress SEO
    WP-DBManager
    WP Maintenance Mode
    WP Maintenance
    WP Native Dashboard
    WP Super Cache
    Wysija Newsletters

    Well, after installing WP Super Cache (a hour ago) i received a few more. Now, it's been 30 minutes i didn't receive anything so let's see... I also changed a few things that could have helped

    The thing is that even if i disable email notifications, there still are 404 errors that will be recorded. It won't bother me anymore but it will still be stored, don't you think so ?

    About the IPs, basically they always are different :/

    Where do i check if i enabled database cache. With all these things i'm getting confused

    Thanks for your help

  11. SoniaTBB
    Member
    Posted 1 year ago #

    Forget what i've just said...

    Between 11:03 and 11:12, 4 notifications DAMN !

  12. Handoko
    Member
    Posted 1 year ago #

    Interesting. I like solving mysteries. Give me some time (perhaps days), I will try to set a testing site that use the plugins you're using.

    Well, you said you received some errors after installing WP Super Cache. I think that maybe me visiting your website that generated the errors. I'm from Indonesia, was visiting your website an hour ago. I saw from your html source, know that you were using WP Super Cache when I was visiting. You may check the IP to see was that my IP (Indonesia).

    Now, I'm visiting again:
    My IP: 36.69.22.44
    Page visited: http://www.soniarochel.com/baby-massage/
    Visited count: ± 10 times

    Do you see my IP being recorded in the 404 error log? Is yes, it means that were not hacking attempts, but there really something wrong in your configuration, plugin or webhost.

  13. SoniaTBB
    Member
    Posted 1 year ago #

    Well, i didn't receive any notification (at least, yet). However, on my admin area, i see that you're IP appears in WP Better Security as an error... for this :

    URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg
    Referrer : http://www.soniarochel.com/baby-bath-is-care-to-share-with-baby/

  14. SoniaTBB
    Member
    Posted 1 year ago #

    Interesting. I like solving mysteries. Give me some time (perhaps days), I will try to set a testing site that use the plugins you're using.

    That would be hard to do as you would need to use EXACTLY the same plugins AND SETTINGS :/

  15. Handoko
    Member
    Posted 1 year ago #

    Yes, you should not receiving any notification because turn it off, right.

    But why my IP being recorded?

    You're now not using W3TC. So the chances caching plugins causing the issue is low, I personally think.

    You said my IP being recorded, can you tell how many count are in the logs? Is it 10 or more? I'm sure I've visited it at least 10x. And the strange is why the referrer is baby-bath-is-care-to-share-with-baby, while I intentionally try to generate the 404 error on baby-massage page.

    I'm thinking the culprit is any other plugin, not the caching.

    So, now please tell me:
    - What is the count number in the logs?
    - Is any .../baby-massage/ referrer being recorded?

  16. SoniaTBB
    Member
    Posted 1 year ago #

    Actually, it's weird because i saved the .csv log and your ip appears twice :
    - /wp-content/uploads/2013/01/12-J%C3%A9coute-150x150.jpg,1360145906,36.69.22.44,,
    - /wp-content/uploads/2013/01/A9coute-150x150.jpg,1360145934,36.69.22.44,,

    (url,time,host,referrer,)

    Sorry but as english isn't my mother tongue, i'm not sure to understand what "referrer" is ?

    Also, should i clean the database with the 44 000 404errors ? or it's better to do it after we solve the problem ?

    ps : is there anyway that the developper of this plugin take a look at my issue ?

  17. SoniaTBB
    Member
    Posted 1 year ago #

    I may have found something but i'm not sure, i'll tell you more about it if i see i stop receiving notifications

  18. Handoko
    Member
    Posted 1 year ago #

    tell me

  19. Handoko
    Member
    Posted 1 year ago #

    is there anyway that the developper of this plugin take a look at my issue ?

    Developers always busy, they might be able help you but you need wait patiently. And, I don't think the problem is caused by this Better WP Security plugin. And it seems not also the caching plugins (W3TC nor WP Super Cache).

    what "referrer" is ?
    Basically, you can think referrer (in the logs) means which page cause the error.

    I may not solve you problem, but you should try. Do you want a test? Here I describe some technical things before we start:

    404 error happens when a visitor or hacker or bot (google, bing, etc) visiting your page and requesting something (a file for example), but the thing requested is not exist.

    404 error often being associated with hacking attempts, because hackers need to scan your website to find weakness in your website. So they trigger 404 errors.

    Sometimes, improper configuration may cause 404 error too, especially caching plugin. Because they change the way how your website retrieve and provide the resource (the file) to visitors.

    Okay, now do you want to do the test? As you said, it will be better perform on your website rather than I build a test site.

  20. SoniaTBB
    Member
    Posted 1 year ago #

    I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! I FOUND ! LOOOL

    No notification since 12:27

    Here is the problem. I was wondering : why do i get an error about a picture which is not even in my article. The page of my article doesn't contain only one picture (it's what you definitely can see). There are ALSO the pictures from the plugin RELATED POSTS !
    Let's continue. I remembered one day, i noticed i had an issue with this plugin because even if i changed the picture i want for an article, the thumbnail used in Related Posts won't change !

    Example : my article XYZ shows a picture of a DOG ; Related Posts Polugin will generate a thumbnail with the picture of the DOG. If i decide to change the picture on my article to a picture of a CAT, Related Posts Plugin won't generate anything new, it will keep the thumbnail of the dog picture.

    Conclusion : i don't remember but i probably changed the picture of an article, the thing is that picture doesn't exist anymore but Related Posts Plugin keeps it. As a result, every time a visitor reads an article, Related Posts Plugin displays 3 or 4 thumbnails and one of them is about a picture that doesn't exist ==> 404 ERROR !

  21. Handoko
    Member
    Posted 1 year ago #

    Glad to know you found it. Congratulation! I can feel the joy you solved the issue.

    Yeah, as I said rather than waiting for the helps from developers, it's better we try to do somethings. Also it seems the source of the problem is not from Better WP Security nor the caching plugins.

    You perhaps need to contact the author of Related Posts plugin telling them what you've found.

    For now, I'm going to generate 404 errors on your page:
    My IP: 36.69.22.44
    Page (referrer): .../bath-followed-by-great-baby-massage/
    Count: ± 10 times

    If my IP is not going to recorded in the error logs, then you may throw a party tonight and cheers.

  22. SoniaTBB
    Member
    Posted 1 year ago #

    Yes, i'm going to contact the author of Related Posts plugin
    I didn't see your IP adress :)

    However i still need your help because i keep getting 404errors but it's not this problem at all lol

    559 404errors have been recorded since yesterday :
    - count = 218 for /wp-content/uploads/2012/11/cropped-Banniere-TBB-2.png (i think it is the picture of my header)
    - count (approx.) = 100 for /apple-touch-icon-precomposed.png (and other apple-touch pictures)
    - and others...

    I don't understand why i get these errors

  23. Handoko
    Member
    Posted 1 year ago #

    404 errors is a common problem, it also happened even your website have followed the correct standard rules. Sometimes also Google does generate 404 errors on my site, but it is smart, when it received a 404 error, it will stop requesting same resource, and only may come back for it after weeks.

    404 errors can occur because the theme or plugins we use are not properly wrote by the author. On my websites, I have 2 such problems, I have contacted its authors but still no response from them. If you think some of your 404 errors are caused by your theme, my suggestion is try do deactivate it and use other (twenty eleven) for some days to prove it.

    apple-touch-icon-xxx errors are some other new problems which frequently happen recently. It is generated because Apple users (iPad, iPhone, etc) are visiting your website.

    Apple creates new standard for their web browsing experience which does not follow the standard now widely used. When an Apple user visiting your website, his/her web browser will try find an icon file based on the device resolution. If it fails, it will try to find best matched size icon, if still fail it will try next best matched and so on. Also, it will consider to use precomposed-typed image first, if fails, it will try to find normal image. That's why you may get lots of such errors.

    So, if you get huge amount of 404 apple-touch-icon errors, then congratulations, you've been visited by lots of Apple iOS device users.
    For more informations:
    http://en.wikipedia.org/wiki/Favicon#Device_support
    http://gigaom.com/2011/06/22/how-to-create-ios-device-home-screen-icons-for-web-sites/
    http://developer.apple.com/library/ios/#documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

    Better WP Security is a great plugin, not only it improves websites security it also helps webmaster builds better webs. You should often empty the logs and study the entries that have been recorded.

  24. reiniggen
    Member
    Posted 1 year ago #

    Sorry, that was the wrong place for my post.

  25. SoniaTBB
    Member
    Posted 1 year ago #

    reiniggen, i am still interested in what you wrote. How can i exclude folders or files in 404 tracking ?

  26. Handoko
    Member
    Posted 1 year ago #

    So far as I know, there is no such feature for excluding folders/files in 404 tracking in this plugin. You may try to submit a feature request, but I doubt the author will develop it for you. They're very busy.

    But if you provide apple-touch-icon by following the information I gave, you can minimize even totally solve this issue. I received many such 404 errors almost everyday. But now, it only less 10 in a month.

  27. reiniggen
    Member
    Posted 1 year ago #

    I've moved my post to:
    http://wordpress.org/support/topic/suggestions-and-bwps-40?replies=6#post-3899466

    I think a new 404 white list of relative URLs (aka folders and files) would be very helpful for that. Better WP Security has been a 404 whitelist but only for IPs.

  28. reiniggen
    Member
    Posted 1 year ago #

    Hi Handoko,

    the problem is: Apple's devices checks all versions of apple-touch-icons. The same IP requests all the possible combinations:
    apple-touch-icon.png
    apple-touch-icon-72x72.png
    apple-touch-icon-precomposed.png
    apple-touch-icon-114x114.png
    apple-touch-icon-114x114-precomposed.png
    apple-touch-icon-144x144.png
    apple-touch-icon-144x144-precomposed.png
    etc.

    I have only apple-touch-icon.png. I think that's enough, but unfortunately Apple has a different opinion.

  29. Handoko
    Member
    Posted 1 year ago #

    Yeah I know, that's why I still receive such errors. If you really want solve the problem, you need to create many versions of the image. Apple is great in some ways, but it's suck in this way.

  30. reiniggen
    Member
    Posted 1 year ago #

    If you really want solve the problem, you need to create many versions of the image.
    I have no problem with missing Apple images. Better WP Security has a problem with that and make problems for our users. Not only that. Too many log entries also make performance problems. ;-)

    For example, I have two non-existent pages - renamed to protect against spam robots. But these robots use my pages continues and make Better WP Security logs constantly full. Do I have to create pages - especially for a plugin?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic