PSA: Spammers using public DNS providers (support topic for the plugin Cerber Security, Antispam & Malware Scan)

  • Resolved r-a-y

    (@r-a-y)


    Just noticed that WP Cerber is blocking public DNS IP addresses.

    I think the blocking is legitimate though as spammers could be using public DNS providers like Google’s 8.8.8.8 and OpenDNS to run their scripts.

    I note this for those that might be confused. Doesn’t appear to be a bug with WP Cerber.

    Here’s a bit of the log:

    208.67.220.220
    resolver2.opendns.com	July 9, 2018, 1:21 pm	
    Attempt to access prohibited URL Locked out
    URL: example.com///xmlrpc.php
    
    208.67.220.220
    resolver2.opendns.com	July 9, 2018, 1:21 pm	
    Form submission denied Locked out
    URL: example.com///xmlrpc.php
    
    192.33.4.12
    c.root-servers.net	July 9, 2018, 1:11 pm	
    Form submission denied Locked out
    URL: example.com///xmlrpc.php
    
    192.33.4.12
    c.root-servers.net	July 9, 2018, 1:11 pm	
    Attempt to access prohibited URL Locked out
    URL: example.com///xmlrpc.php
    
    192.203.230.10
    e.root-servers.net	July 9, 2018, 1:03 pm	
    Attempt to access prohibited URL
    URL: example.com///xmlrpc.php
    
    192.5.5.241
    f.root-servers.net	July 9, 2018, 1:03 pm	
    Attempt to access prohibited URL
    URL: example.com///xmlrpc.php
    
    8.8.4.4
    google-public-dns-b.google.com	July 9, 2018, 12:59 pm	
    Attempt to access prohibited URL
    URL: example.com///xmlrpc.php
    
    8.8.8.8
    google-public-dns-a.google.com	July 9, 2018, 12:46 pm	
    Attempt to access prohibited URL Locked out
    URL: example.com///xmlrpc.php
    
    8.8.8.8
    google-public-dns-a.google.com	July 9, 2018, 12:46 pm	
    Form submission denied Locked out
    URL: example.com///xmlrpc.php
  • Plugin Author Gioni

    (@gioni)

    That’s a bit weird and confusing, considering the fact that those IPs should not make requests to the xmlrpc.php script at all. But it’s not a bug; perhaps someone has managed to spoof those IPs and the requests come from a bad actor’s computer. Anyway, you should not care about that; the plugin locks out the IPs correctly.
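
An added example, not part of the original thread and not WP Cerber code: a small triage script that parses log records in the layout of the excerpt above and reports which source addresses are DNS infrastructure, which should never appear as HTTP clients. The four-line record layout is assumed from the excerpt, the address list is taken from the thread's log, and the sample input (including the 203.0.113.7 record) is constructed.

```python
import ipaddress
import re

# DNS resolver / root-server addresses, taken from the thread's log excerpt.
DNS_INFRA_IPS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "208.67.220.220",
    "192.33.4.12", "192.203.230.10", "192.5.5.241")}

# Constructed sample; layout assumed from the excerpt:
# IP / "hostname<TAB>timestamp" / event [+ "Locked out"] / "URL: ..."
SAMPLE_LOG = """\
208.67.220.220
resolver2.opendns.com\tJuly 9, 2018, 1:21 pm
Attempt to access prohibited URL Locked out
URL: example.com///xmlrpc.php

192.203.230.10
e.root-servers.net\tJuly 9, 2018, 1:03 pm
Attempt to access prohibited URL
URL: example.com///xmlrpc.php

203.0.113.7
host.example.net\tJuly 9, 2018, 12:40 pm
Form submission denied Locked out
URL: example.com///xmlrpc.php
"""

def parse_records(text):
    """Yield one dict per four-line record; malformed blocks are skipped."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) != 4 or not lines[3].startswith("URL:"):
            continue
        try:
            ip = ipaddress.ip_address(lines[0])
        except ValueError:
            continue  # first line is not an IP address
        host, _, when = lines[1].partition("\t")
        locked = lines[2].endswith("Locked out")
        event = lines[2][:-len("Locked out")].strip() if locked else lines[2]
        yield {"ip": ip, "host": host, "time": when.strip(), "event": event,
               "locked_out": locked, "url": lines[3][4:].strip()}

def report(text):
    """Map each DNS-infrastructure source IP to (host, event count, locked out?)."""
    out = {}
    for r in parse_records(text):
        if r["ip"] in DNS_INFRA_IPS:
            _, n, locked = out.get(str(r["ip"]), (r["host"], 0, False))
            out[str(r["ip"])] = (r["host"], n + 1, locked or r["locked_out"])
    return out
```
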
