Scanning impossible after hacking-attempt?

  • Resolved NilsOstergren

    (@nilsostergren)


    7 years, 7 months ago

    Today I couldn’t start a scan on one of my three WP-sites. The diagnostics page was showing:

    Checking if MySQL user has CREATE TABLE privilege FAIL
    Checking if MySQL user has ALTER TABLE privilege FAIL
    Checking if MySQL user has DROP privilege FAIL
    Checking if MySQL user has TRUNCATE privilege FAIL

    I had not changed anything in the database.

    My ISP support gave the database user ALL possible priviliges (but found it strange that Wordfence was demanding more priviliges than the ISPs default users usually have).

    So now the diagnostic page showed that everything was OK. But scans still didn’t start.

    So I went to https://docs.wordfence.com/en/My_scans_don’t_finish._What_would_cause_that%3F
    Updated Wordfence? Check.
    Set “Maximum execution time for each scan stage” to 15 seconds. Check.
    But scans still not starting.

    Then I notice that changed options are not saved. I try several times and I get the message that changes are saved, but when I leave the page and come back there are no changes saved.

    These problems seems to coincide with these lines in “Scan Detailed Activity” that happened the night before i tried a manual scan:
    [Aug 31 20:05:48] Scheduled Wordfence scan starting at Wednesday 31st of August 2016 08:05:48 PM
    [Aug 31 22:45:20] Blocking IP 78.46.156.169. Exceeded the maximum number of page not found errors per minute for humans.
    [Aug 31 22:45:20] Blocking IP 78.46.156.169. Exceeded the maximum number of page not found errors per minute for humans.
    [Aug 31 22:45:20] Blocking IP 78.46.156.169. Exceeded the maximum number of page not found errors per minute for humans.
    [Aug 31 22:45:20] Blocking IP 78.46.156.169. Exceeded the maximum number of page not found errors per minute for humans.
    [Aug 31 22:45:20] Blocking IP 78.46.156.169. Exceeded the maximum number of page not found errors per minute for humans.
    [Sep 01 08:26:32] Scheduled Wordfence scan starting at Thursday 1st of September 2016 08:26:32 AM

    The scan on the last line seems not to have started.

    The five lines about blocking 78.46.156.169 (a known hacker according to https://www.abuseipdb.com/) are interesting. When looking at “Recent traffic” for the address Wordfence also states that “Possible XSS code filtered out for your security”.

    And why would Wordfence block it five times and send me five email alerts.

    So, what to do now? And may something bad have happened when 78.46.156.169 was hammering my site?

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Scanning impossible after hacking-attempt?’ is closed to new replies.