Continuous Attacks affecting the Database
-
Hi,
recently i face problems with different attacks and got blocked by Wordfence but it affects the database & server usage goes high,
here a samples from the attacks i face & i need your recommendations what should i do or what is the recommended action:The Wordfence Web Application Firewall has blocked 117 attacks over the last 10 minutes. Below is a sample of these recent attacks:October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\... October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = ..\..\..\..\..\..\..\..\windows\win.ini October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = ..\..\..\..\..\..\..\..\windows\win.ini October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = /../../../../../../../../../../boot.ini October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for Directory Traversal in POST body: _mc4wp_timestamp = ../../../../../../../../../../windows/win.ini .jpg October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for XSS: Cross Site Scripting in POST body: _mc4wp_timestamp = '"()&%<acx><ScRiPt >ZWPZ(9861)</ScRiPt> October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for XSS: Cross Site Scripting in POST body: _mc4wp_timestamp = 1666819095'"()&%<acx><ScRiPt >ZWPZ(9374)</ScRiPt> October 26, 2022 10:59pm 104.248.30.92 (Germany) Blocked for XSS: Cross Site Scripting in POST body: _mc4wp_honeypot = '"()&%<acx><ScRiPt >ZWPZ(9863)</ScRiPt>The Wordfence Web Application Firewall has blocked 343 attacks over the last 10 minutes. Below is a sample of these recent attacks:September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = ' AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 /* 0d4609e6-3de4-4cdb-a087-0469fb6a38f9 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = ' AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 /* a893272d-f171-4804-8b6c-be323d5baf2b */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = ') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 /* 5f60c85b-1242-4511-8022-2c32846ff5a9 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = ') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 /* 7acff97e-857c-49c6-910d-2d1eb49180c9 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+" /* 14f89eb2-127f-4185-ae8c-3289b4a96d77 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+" /* 479c6880-5222-4b74-8e47-d6a076a10e8a */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A)) /* b2dc710b-c2b6-427f-a20e-54df65278181 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A)) /* 7815e4a2-6d23-49e1-ac94-b06af52d6fa5 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+' /* 4c196143-909c-44a8-b3cd-7144d0fecee9 */ September 30, 2022 8:09am 85.215.179.107 (Germany) Blocked for SQL Injection in query string: wp-link-submit = -1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+' /* 7eb90d10-b81c-4e57-a7cf-1b2f8f5dc25e */The Wordfence Web Application Firewall has blocked 163 attacks over the last 10 minutes. Below is a sample of these recent attacks:September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-Agents September 25, 2022 7:50pm 102.47.25.255 (Egypt) Blocked for Common vulnerability scanner User-AgentsThe Wordfence Web Application Firewall has blocked 149 attacks over the last 10 minutes. Below is a sample of these recent attacks:September 13, 2022 5:50pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: _mc4wp_honeypot = ' AND EXTRACTVALUE(2463,CONCAT(0x5c,0x7178717171,(SELECT (ELT(2463=2463,1))),0x716b627071)) AND 'eBc... September 13, 2022 5:50pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: _mc4wp_honeypot = ') AND EXTRACTVALUE(2463,CONCAT(0x5c,0x7178717171,(SELECT (ELT(2463=2463,1))),0x716b627071)) AND ('C... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ AND 2257=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(113)||CHR(113)||CHR(11... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ AND 2257=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(113)||CHR(113)||CHR(11... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ) AND 2257=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(113)||CHR(113)||CHR(1... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ' AND 2257=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(113)||CHR(113)||CHR(1... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ') AND 2257=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(113)||CHR(113)||CHR(... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ AND 2513 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(113)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (2513... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ AND 2513 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(113)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (2513... September 13, 2022 5:49pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = qzhJ) AND 2513 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(113)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (251...The Wordfence Web Application Firewall has blocked 216 attacks over the last 10 minutes. Below is a sample of these recent attacks:July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = magE AND EXTRACTVALUE(8326,CONCAT(0x5c,0x7178767171,(SELECT (ELT(8326=8326,1))),0x7162787071))-- bRJ... July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = magE AND EXTRACTVALUE(8326,CONCAT(0x5c,0x7178767171,(SELECT (ELT(8326=8326,1))),0x7162787071)) July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = magE) AND EXTRACTVALUE(8326,CONCAT(0x5c,0x7178767171,(SELECT (ELT(8326=8326,1))),0x7162787071)) AND ... July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = magE' AND EXTRACTVALUE(8326,CONCAT(0x5c,0x7178767171,(SELECT (ELT(8326=8326,1))),0x7162787071)) AND ... July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: EMAIL = magE') AND EXTRACTVALUE(8326,CONCAT(0x5c,0x7178767171,(SELECT (ELT(8326=8326,1))),0x7162787071)) AND... July 5, 2022 9:30pm 213.226.123.153 (Poland) Blocked for Directory Traversal in query string: QbLs = 9868 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_sch... July 5, 2022 9:29pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: rememberme = forever AND 7086=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(122)||CHR... July 5, 2022 9:29pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: rememberme = forever AND 7086=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(122)||CHR... July 5, 2022 9:29pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: rememberme = forever) AND 7086=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(122)||CH... July 5, 2022 9:29pm 213.226.123.153 (Poland) Blocked for SQL Injection in POST body: rememberme = forever' AND 7086=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(106)||CHR(122)||CH...The page I need help with: [log in to see the link]
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Continuous Attacks affecting the Database’ is closed to new replies.
