Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter JLCahill

    (@jlcahill)

    @wfphil, thank you for your response. I have indeed found that the 503 response is not resource-demanding. All good. I was initially wanting the ante-WP 403, but since I see that the 503 doesn’t put a huge load on the processors, I’m good. What do I care at that point, right, as long as the baddies get served with a “can’t touch this” response. ¡Toma!

    Thread Starter JLCahill

    (@jlcahill)

    Thank you for the response.

    I can verify that the server processes the query for the .well-known directory before hitting WP, because it does not serve the WP 404. I did not realize this; it is good to know. And your observation about the missing byte log conforms to this same fact. Good call.

    The two “-”s you see at the end are 1) the server not logging a referring URL and 2) the bot not disclosing the user-agent making the query. The existence of both those “-” at the end is the signature of a bad player. Most non-suspect entries contain non-null entries in both, and always a user-agent disclosure. See this entry as an example:

    140.211.41.59 - - [05/May/2025:15:40:47 -0400] "GET /wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js?ver=2.8.6.2 HTTP/1.1" 200 19986 "https://aspendigital.net/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"

    Excellent post. Helped me understand why those 404s exist in the middle of a bunch of WF 503s.
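
The check described in the reply above (referrer and user-agent both logged as "-"), as an added example that is not part of the original posts: a small parser for combined-format access log lines that flags such entries and counts them per client and status, so the matches can be reviewed for false positives before a firewall rule is written. The sample lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def parse(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def is_blank(value):
    # Servers write "-" for a header the client did not send.
    return value in ("", "-")

def anonymous_hits(lines):
    """Entries where BOTH the referrer and the user-agent are missing."""
    hits = []
    for line in lines:
        entry = parse(line)
        if entry and is_blank(entry["referer"]) and is_blank(entry["agent"]):
            hits.append(entry)
    return hits

def summarize(lines):
    """Count flagged requests per (client, status) for review."""
    return Counter((e["host"], e["status"]) for e in anonymous_hits(lines))

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [05/May/2025:15:40:01 -0400] "GET /.well-known/example.php HTTP/1.1" 404 - "-" "-"',
    '192.0.2.10 - - [05/May/2025:15:40:02 -0400] "GET /wp-login.php HTTP/1.1" 503 612 "-" "-"',
    '198.51.100.7 - - [05/May/2025:15:40:47 -0400] "GET /index.php HTTP/1.1" 200 19986 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '203.0.113.5 - - [05/May/2025:15:41:10 -0400] "GET /feed/ HTTP/1.1" 200 5120 "-" "ExampleFeedReader/1.0"',
]

if __name__ == "__main__":
    for (host, status), count in sorted(summarize(SAMPLE).items()):
        print(host, status, count)
```

The fourth sample line has no referrer but does send a user-agent, so it is not flagged; only the combination of both missing fields matches.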

    Thread Starter JLCahill

    (@jlcahill)

    @sgot

    I’m not familiar with the setting “Basic WordPress Protection” or where it is found. That doesn’t appear to be an option I find in the Wordfence workspace. Unless you’re referring to using Wordfence without the front-end htaccess code.

    But I’m thinking I’ve found the solution. In the end, the 503s don’t use as much CPU as the 404s, so I guess I’m not so bothered that I’m not getting a static 403 or 503. You just have to use a ton of firewall rules in the Advanced Firewall Options area, to capture all the bad queries. Seems to be working though. Did get some false positives that forced some adjustments to the rules, but that’s good anyway; you want clean rules.
