Blocked access to admin-ajax.php

dimalifragis
(@dimalifragis)

2 months, 1 week ago

Hello.

From my logs:

54.236.1.13 POST /wp-admin/admin-ajax.php – Blocked access to admin-ajax.php – [bot detection is enabled]

but 54.236.1.13 is “crawl-54-236-1-13.pinterest.com”.

So am i blocking Pinterest and probably other needed crawlers?

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author

(@nintechnet)

Yes, you are.
This policy allows only your server and yourself (while your are logged-in) to connect back to the admin-ajax.php script, and will block bots. If you need the pinterest.com bot to connect to it, disable the policy.

barneyzbln

(@barneyzbln)

2 months ago

Hi!
Are the attacks blocked even if it is not explicitly stated in the log file?
For example, I found the entries below in my log file. Were these blocked by the firewall?

#1949438  CRITICAL  1540  172.104.183.220  GET /wp-admin/admin-ajax.php - Unauthenticated action - [REQUEST:action = duplicator_download]
#5664348  HIGH       310  172.104.183.220  GET /wp-admin/admin-ajax.php - Access to a configuration file - [GET:file = ../wp-config.php]

#6520312  HIGH       310  91.121.82.163    GET /wp-admin/admin-ajax.php - Access to a configuration file - [GET:file = ../wp-config.php]
#7243699  HIGH       310  91.121.82.163    GET /wp-admin/admin-ajax.php - Access to a configuration file - [GET:img = ../wp-config.php]
#3742363  CRITICAL     1  91.121.82.163    GET /index.php - Directory traversal - [GET:mla_download_file = ../../../../wp-config.php]

Plugin Author

nintechnet

(@nintechnet)

2 months ago

There were blocked. As indicated below the log, it shows all threats that were blocked by the firewall, unless stated otherwise.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

WordPress.org

Blocked access to admin-ajax.php

Views