Hi,
thanks for your post, and sorry for the trouble.
This event is indeed a regular and legitimate update check, so nothing is wrong with that. As the TablePress Extensions are not in the wordpress.org Plugin Repository, they do update checks to the tablepress.org server.
I do however not recognize that 178.200.237.161 IP address. Could that be your local or your server’s IP? The tablepress.org server’s IP is 85.214.210.210.
Regards,
Tobias
Thread Starter
tn2
(@tn2)
Hi Tobias,
thanks for your quick response.
Please take a look at https://www.dropbox.com/s/l3c8qkv8rmdac3v/tablepress.png?dl=0
These are different IPs from Unitymedia, Telekom …
We are not using these IPs to log into the site and the server IP is also different.
I have to investigate further what’s going on there as I do not know what exactly Stream is reporting here.
If you want to check it out: https://de.wordpress.org/plugins/stream/
Thanks and best regards
Carsten
Thread Starter
tn2
(@tn2)
Could it be regular visitors trigger wp cron to perform plugin activity? I think I have to check the server logs… Will report later.
-
This reply was modified 8 years, 9 months ago by
tn2.
Hi,
yes, that would make sense. The update check is trigger via the WP Cron functionality.
I could imagine that Stream shows the IP of the visitor who triggered the WP Cron job here, because there’s no actual logged-in user.
Regards,
Tobias
Thread Starter
tn2
(@tn2)
Ok, I checked date & time from the access logs and these are normal requests like
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/2
that trigger the WP cron job/update check and execute this log entry with the visitors ip.
Funny thing: From all the cron entries like wordfence, wp core update check and so on, the one we’re talking about here is the only one displayed with WP Stream default settings. So I knocked on your door… 🙂
Have a nice week.
Best regards
Carsten
Hi,
is the request to that .woff file returning a file? I could only really imagine that this triggers the WP cron job, if this returns a 404 error… Otherwise, WordPress should never “hear” about this request.
Regards,
Tobias
Thread Starter
tn2
(@tn2)
All I got is
vor 16 Stunden
2017/07/23
03:43:11 PM “external_updates-tablepress-responsive-tables” setting was updated N/A N/A
Settings
↳ Settings Updated 87.169.241.233
from WP-Stream
and a regular visitor with matching ip coming from google with like some 100 entries surfing the site, two entries with matching date & time stamp
GET /wp-content/plugins/wpdatatables/assets/fonts/wpdatatablesicons-base.woff HTTP/2 Referrer: https://www. x x x .de/wp-content/plugins/wpdatatables/assets/css/wpdatatables.min.css?ver=4.8
and
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/2
Referrer: https://www. x x x .de/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.5.1
a second earlier at 03:43:10 PM there was a POST /wp-admin/admin-ajax.php?action=get_wdtable&table_id=123 HTTP/2
No 404 around.
Pretty tricky to get hold of the logfile at this clients hoster, so that’s all I got…
Best regards
Carsten
Hi Carsten,
ok. Thanks for investigating this further.
But ultimately, everything is here is fine and legitimate, so nothing to worry about with these Cron requests.
Best wishes,
Tobias
