I recently installed a plugin on my self hosted WordPress blog to manage 404 errors, and to clean up issues GWMT’s was finding from deleted pages on my site. What I wasn’t expecting to see was literally 100’s (about 800 in 24 hours) of requests to my domain that are landing as 404 errors, that are blatant efforts to find vulnerabilities in my install. This sort of thing:
Now this looks to me like someone running an automated project, using proxies by the range of ips the requests are coming from…who is looking for sites still running themes with the outdated timthumb.php file. Any way to block this rubbish? My site has been hacked a few times, so now I pay to have it secured and monitored by sucuri.
- The topic ‘How to block the bucket loads of vulnerability requests to my domain’ is closed to new replies.