Live traffic info

  • islp

    (@islp)


    7 years, 8 months ago

    Hello, I’m looking for an explanation.

    I edited an .htaccess file so that a user can’t directly call a .php file (they get a 404).

    To test my .htaccess, I put an info.php file at the root level and another one under the wp-content directory. Then, I tried to access the files using the browser. Anything went fine and I could read my own traffic live with WordFence.

    10 minutes later, I noticed a very strange thing: there were two attempts to access the same files (meantime I removed), this time from Ashburn, USA (I’m in Italy…), hostnames rigby03.embed.ly and rigby01.embed.ly, ips 54.221.198.105 and 54.204.20.250.

    The question is: my info.php files were two custom php files, not something built in WordPress. How it is possible someone accesses two custom files I just created and removed?

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • wfalaa

    (@wfalaa)

    7 years, 8 months ago

    Hi,
    Yes, both IPs you mentioned seem to be crawler bots:
    https://myip.ms/info/whois/54.221.198.105
    https://myip.ms/info/whois/54.204.20.250

    Bots are known to hit non-existent files sometimes, if you noticed repeated visits from these IPs to these deleted files, you could manually block them via “Wordfence > Advanced Blocking” or (Wordfence > Blocked IPs)

    Thanks.

    Thread Starter islp

    (@islp)

    7 years, 8 months ago

    Hi, of course I know what bots do, but it’s very strange a bot looks for 2 non-existing files even 2 minutes after the creation of the files: how do they know the name of the file? How do they know the directory? And why they look for files that are not built-in in WP?

    Another very strange thing is the following: the bot crawls a particular page just after a real user has visited the same page. The website is quite large, the bot could visit any other page: why *that* page?

    I sent a mail to Embed.ly and they asked to tell them the URL of the website: I did it but I received no further reply.

    Last but not least, even if I blocked it the way you suggest, the bot ignores the robots.txt.

    Thread Starter islp

    (@islp)

    7 years, 8 months ago

    I want to add another thing: if they scanned the entire website, I would read this traffic through Wordfence, but the bot directly points new files. This is really puzzling me: at some level, I can’t find where, I’m suspecting plugins, there must be something informing the bot someone accesses web pages, I must admit people disappearing in The Leftovers series are far more explainable

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Live traffic info’ is closed to new replies.