For a few months now I've been getting daily scans from this IP address, 176.9.214.103, for different WordPress plugins each time. So have I pissed off some script kiddie, or is this something more?

[Sat Jul 14 15:59:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/topquark
[Sat Jul 14 15:59:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wpstorecart
[Sat Jul 14 15:59:16 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/mm-forms-community
[Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/front-end-upload
[Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/foxypress
[Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/front-file-manager
[Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/html5avmanager
[Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wpmarketplace
[Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/omni-secure-files
[Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/mac-dock-gallery
[Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wp-property
[Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/rbxgallery
[Sat Jul 14 15:58:20 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/pica-photo-gallery
[Sat Jul 14 15:58:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wp-gpx-maps
Scanning by script kiddies is an unfortunate fact of life. The best defense is to keep your WordPress updated religiously. There are also a number of techniques you can use to further secure your WordPress install. (I won't repeat them here since they're easily found in the WordPress forums and by searching in your favorite search engine.) Script kiddies rely on two things: vulnerable code and insecure file and folder permissions. Take those away and your website is much less likely to be successfully attacked. If you want to stop that scan and it is always coming from the same IP, you can block it in .htaccess. If you're on a VPS you can use iptables to block it.
Firewall the IP. If you are using cPanel, find IP Deny Manager and add the IP to it. I believe it simply adds a .htaccess to deny the IP, correct me if I'm wrong. The WordPress CMS is secure itself; the plugins make it vulnerable. Keep your plugins updated and try to avoid most of them. Just search Google for tutorials to protect your WordPress installation, I'm sure you will find some good ones. You can also pen-test your site by using a good penetration tester. It will help a lot. If you need any help, PM me. I will be happy to guide you!
I have my blog files/folders locked down by .htaccess files, and I keep banning the IP address, yet for some reason they keep coming back with a new IP address. All the plugins are up to date and the WP install too. But what if this turns into a DoS attack? Is there any way of predicting that?
The behavior you describe is quite normal for vulnerability scans. The same scan will often come in from ever-changing IPs. (Chances are, you're receiving other scans, too.) Unlikely that it is a DDoS. A DDoS is a denial of service (DoS - typically requests a single page many times over a short period of time), from multiple sources (the first D - distributed). If you ever do fall victim to a true DDoS, there is precious little you can do at the time other than take the site offline (block all incoming traffic).
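Since the scan keeps returning from new addresses, it can be detected by behaviour instead of by IP. The following is an added example, not part of any post in this thread: it parses Apache error-log lines in the format quoted above and flags any client denied on many distinct plugin directories within a short window. The function names, thresholds and sample lines (documentation IP ranges) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2 error-log format, as in the lines quoted in the thread.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"client denied by server configuration: \S*/wp-content/plugins/(?P<plugin>[^/\s]+)"
)

def parse(lines):
    """Yield (timestamp, client_ip, plugin_name) for each denied plugin probe."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["plugin"]

def find_scanners(lines, min_plugins=5, window=timedelta(minutes=5)):
    """Return {ip: sorted plugin names} for clients denied on at least
    min_plugins distinct plugin directories inside one sliding window."""
    by_ip = defaultdict(list)
    for ts, ip, plugin in parse(lines):
        by_ip[ip].append((ts, plugin))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # logs may be pasted newest-first, as in the thread
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_plugins:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample: one scanner, one client with a single denied request.
PREFIX = "client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/"
SAMPLE = [
    f"[Sat Jul 14 15:59:18 2012] [error] [client 192.0.2.10] {PREFIX}topquark",
    f"[Sat Jul 14 15:59:14 2012] [error] [client 192.0.2.10] {PREFIX}foxypress",
    f"[Sat Jul 14 15:59:13 2012] [error] [client 192.0.2.10] {PREFIX}wpmarketplace",
    f"[Sat Jul 14 15:59:00 2012] [error] [client 198.51.100.7] {PREFIX}foxypress",
    f"[Sat Jul 14 15:58:22 2012] [error] [client 192.0.2.10] {PREFIX}wp-property",
    f"[Sat Jul 14 15:58:20 2012] [error] [client 192.0.2.10] {PREFIX}wp-gpx-maps",
]
```

The flagged addresses can then be fed to whatever blocking mechanism is already in use (.htaccess or iptables, as mentioned above), so new scanner IPs are caught without manual log reading.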
Hello all... I have a blog on the WordPress platform; these events may not be often encountered. However, I think it is important to add to the experience. @Ray, thanks for sharing...