Being scanned for wordpress plugins

Discussion in 'Security' started by jonathon, Jul 16, 2012.

  1. #1
    For a few months now I have been getting daily scans from this IP address 176.9.214.103 for different WordPress plugins each time, so have I pissed off some script kiddie, or is this something more?


    [Sat Jul 14 15:59:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/topquark
    [Sat Jul 14 15:59:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wpstorecart
    [Sat Jul 14 15:59:16 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/mm-forms-community
    [Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/front-end-upload
    [Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/foxypress
    [Sat Jul 14 15:59:14 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/front-file-manager
    [Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/html5avmanager
    [Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wpmarketplace
    [Sat Jul 14 15:59:13 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/omni-secure-files
    [Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/mac-dock-gallery
    [Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wp-property
    [Sat Jul 14 15:58:22 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/rbxgallery
    [Sat Jul 14 15:58:20 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/pica-photo-gallery
    [Sat Jul 14 15:58:18 2012] [error] [client 176.9.214.103] client denied by server configuration: /home/*******/public_html/blog/wp-content/plugins/wp-gpx-maps
     
    jonathon, Jul 16, 2012 IP
  2. #2
    Scanning by script kiddies is an unfortunate fact of life. The best defense is to keep your WordPress updated religiously. There are also a number of techniques you can use to further secure your WordPress install. (I won't repeat them here since they're easily found in the WordPress forums and by searching in your favorite search engine.) Script kiddies rely on two things: vulnerable code and unsecure file and folder permissions. Take those away and your website is much less likely to be successfully attacked.

    If you want to stop that scan and it is always coming from the same IP, you can block it in htaccess. If you're on a VPS you can use iptables to block it.
     
    Ray Baron, Jul 17, 2012 IP
  3. #3
    Firewall the IP. If you are using cPanel, find IP Deny Manager and add the IP to it. I believe it simply adds a .htaccess to deny the IP, correct me if I'm wrong. The WordPress CMS is secure itself, the plugins make it vulnerable. Keep your plugins updated and try to avoid most of them. Just search Google for tutorials to protect your WordPress installation, I'm sure you will find some good ones. You can also pen-test your site by using a good penetration tester. It will help a lot. If you need any help, PM me. I will be happy to guide you!
     
    TechieH, Jul 18, 2012 IP
  4. #4
    Could this have been a source of me getting malware on one of my WordPress sites?
     
    Surminga, Jul 18, 2012 IP
  5. #5
    I have my blog files/folders locked down by .htaccess files, I keep banning the IP address, yet for some reason they keep coming back with a new IP address. All the plugins are up to date and the WP install too.

    But what if this turns into a DDoS attack? Is there any way of predicting that?
     
    jonathon, Jul 18, 2012 IP
  6. #6
    The behavior you describe is quite normal for vulnerability scans. The same scan will often come in from ever-changing IPs. (Chances are, you're receiving other scans, too.)

    Unlikely that it is a DDoS. A DDoS is a denial of service (DoS - typically requests a single page many times over a short period of time), from multiple sources (the first D - distributed). If you ever do fall victim to a true DDoS, there is precious little you can do at the time other than take the site offline (block all incoming traffic).
     
    Ray Baron, Jul 20, 2012 IP
  7. #7
    What we do is scan for attacks like that and proceed with automatic blocking.
     
    TiffanyJ.SSS, Aug 2, 2012 IP
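
The scan-and-block check mentioned in #7, run over error-log lines in the format posted in #1, as an added example that is not part of the thread: since the source address keeps changing (#5), it flags any client denied on several distinct plugin directories within a short window and emits the .htaccess deny lines suggested in #2. The sample log, the documentation-range IPs, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2 error-log format as posted in #1 (denied requests under wp-content/plugins).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9A-Fa-f.:]+)\] "
    r"client denied by server configuration: \S*/wp-content/plugins/(?P<plugin>[^/\s]+)")

# Constructed sample lines: documentation-range IPs, placeholder account path.
SAMPLE_LOG = """\
[Sat Jul 14 15:59:14 2012] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/foxypress
[Sat Jul 14 15:59:13 2012] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/wpmarketplace
[Sat Jul 14 15:58:22 2012] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/rbxgallery
[Sat Jul 14 15:58:20 2012] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/pica-photo-gallery
[Sat Jul 14 15:58:18 2012] [error] [client 192.0.2.10] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/wp-gpx-maps
[Sat Jul 14 15:40:02 2012] [error] [client 198.51.100.7] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/foxypress
[Sat Jul 14 15:40:05 2012] [error] [client 198.51.100.7] client denied by server configuration: /home/example/public_html/blog/wp-content/plugins/foxypress
[Sat Jul 14 16:00:01 2012] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/favicon.ico
"""

def find_plugin_scanners(lines, min_plugins=5, window=timedelta(minutes=5)):
    """Map each IP denied on >= min_plugins distinct plugin dirs within `window` to all dirs it probed."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events[m["ip"]].append((ts, m["plugin"]))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()  # the log may be newest-first, as in #1
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:  # slide the window forward
                start += 1
            if len({p for _, p in seen[start:end + 1]}) >= min_plugins:
                flagged[ip] = sorted({p for _, p in seen})
                break
    return flagged

def htaccess_deny_lines(flagged):
    """Apache 2.2 'Deny from' directives for the flagged IPs (the .htaccess block from #2)."""
    return [f"Deny from {ip}" for ip in sorted(flagged)]

if __name__ == "__main__":
    scanners = find_plugin_scanners(SAMPLE_LOG.splitlines())
    print("\n".join(htaccess_deny_lines(scanners)))
```

The client that repeatedly hits a single plugin path is not flagged; only breadth across plugin directories counts.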
  8. #8
    Hello all...
    I have a blog on the WordPress platform; these events may not be often encountered. However, I think it is important to add to the experience. @Ray, thanks for sharing...
     
    alversia, Aug 14, 2012 IP