Support » Plugin: Wordfence Security - Firewall & Malware Scan » [Wordfence Alert] Increased Attack Rate

  • Resolved Ronit shakya

    (@ezweb972)


    July 15, 2019 8:15am 211.214.160.164 (Korea, Republic of) Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
    July 15, 2019 8:15am 211.214.160.164 (Korea, Republic of) Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions
    July 15, 2019 8:15am 211.214.160.164 (Korea, Republic of) Blocked for Newspaper Premium Theme <= 6.7.1 – Privilege Escalation
    July 15, 2019 8:15am 211.214.160.164 (Korea, Republic of) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
    July 15, 2019 8:15am 211.214.160.164 (Korea, Republic of) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
    July 15, 2019 8:14am 211.214.160.164 (Korea, Republic of) Blocked for WP GDPR Compliance <= 1.4.2 – Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
    July 15, 2019 8:14am 211.214.160.164 (Korea, Republic of) Blocked for Total Donations (all known versions) – Multiple Unauthenticated AJAX Actions
    July 15, 2019 8:14am 211.214.160.164 (Korea, Republic of) Blocked for Newspaper Premium Theme <= 6.7.1 – Privilege Escalation
    July 15, 2019 8:14am 211.214.160.164 (Korea, Republic of) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test
    July 15, 2019 8:14am 211.214.160.164 (Korea, Republic of) Blocked for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • What action do you prefer me to take over it?

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @ezweb972,

    It’s always alarming to see attacks like this. There’s only so much we can do to prevent attacks, it’s more about making sure they aren’t successful, which it looks like Wordfence is doing. You could permanently block that IP if you’d like.

    Thanks,

    Gerroald

    donnaWPadmin

    (@donnawpadmin)

    Any idea what plugin or breach is responsible? I can restore my site most likely, but I don’t want it to go right back again…This guy that hit mine, his IP was blocked, but the bot kept hitting the page anyway…I have pages of his attempt, even after I permanently blocked him. I don’t understand what happened, I thought I had everything locked down good.

    Geroald, your site doesn’t appear to be down, did you restore it already? I had this message in my wordfence log, but funny thing is, I don’t even have this plugin, and the bot that kept hitting my site, his IP was blocked… https://ajbusinesscenter.com

    Home page loads, but none of the other pages load. I haven’t restored it just yet, I want to find out what happened first. It passes the highest sensitivity WordFence scan, and other scans as well…nothing is detected…

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @donnawpadmin,

    This doesn’t indicate a hack, but rather our WAF blocking attempts at known vulnerabilities. You can see this in the description, for example:

    Blocked for Yellow Pencil Visual Theme Customize

    This means it was blocked for attempting to exploit the vulnerability in the Yellow Pencil Visual Theme Customize Customizer plugin.

    https://www.wordfence.com/blog/2019/04/zero-day-vulnerability-in-yellow-pencil-visual-theme-customizer-exploited-in-the-wild/

    If you have any other questions please start a new thread per the Forum Guidelines.

    Thanks,

    Gerroald

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Wordfence Alert] Increased Attack Rate’ is closed to new replies.