Suspicious URL being aimed at my site

2ndmouse · January 1, 2013, 8:04am

hi all

my log files are showing attempts to load the following url by someone in the Ukraine. I don’t think it’s a harmful request as it simply gets a ‘bad request’ response from the browser. Just wondering if anyone here has seen this type of request before and whether I should block the ip.

URL:

mysite.com/change-log+++++++++++++++++++++++++++++Result:+��+��+x_fields.txt;+��%

Regards and happy new year

esn003 · January 1, 2013, 12:48pm

If you don’t know what it is, I think you shoul block that IP (how do you do that?).
Better safe than sorry…

2ndmouse · January 1, 2013, 2:46pm

yes, I’ve already put a temporary block on the IP. It’s a wordpress site and I use wordfence plugin to block the IP. however, if you have access to the server, the IP can be blocked from there.

esn003 · January 1, 2013, 4:31pm

“wordfence plugin” thank you for the tip. My site is also a Wordpres

cheesedude · January 2, 2013, 6:00pm

I get those types of requests all the time, usually from Russia, Ukraine, and China. I’m not sure what the intention is, but my guess is that some bot is probing for any type of security vulnerability it can find. If you block the IP then you can expect to block more IPs because it isn’t hard for a hacker to find a new IP address.

2ndmouse · January 3, 2013, 10:10am

Thanks cheesedude

I guess this type of request is not doing any harm. However, I have noticed an attempt to login (this time from USA) to my wordpress admin where the user name was entered as:

The login failed, but I’m a little worried by what they are trying to attempt here - any ideas anyone?

Regards

esn003 · January 3, 2013, 11:51am

The only thing you can do is to change (or remove) any user’s name begining with ‘admin’.
The funny point here is that I got the same thing on my site and that leeds me to think of a bot doing “research”

logic_earth · January 4, 2013, 3:35am

Running a Wordpress site you are going to be scanned and probed, nothing you can do about that. Wordpress is filled with vulnerabilities, you need to keep it updated. This is why I don’t use it for client sites, they always get too lazy and fail to update.

esn003 · January 4, 2013, 11:56am

“t|post[body]|post[message]|post_comment_root|post_comment_source|post_data[message]|post_message|postcomment|PostComment_ascx$tbComment|poster_”

You have nothing to worry about here.

The user name is to long according to any standard.
It contains characters parsed out by WordPress.
The login failed… :x

I am so greatfull to you for suggesting this plugin.
Now I have ‘friends’ all over the world, some of them…:mad: