    Strange access to my WordPress blog

    pepaya Member
    edited August 2011 in Help

    Hi,
    I have a small blog with only +-200 pageviews per day.
    A few weeks ago, I noticed strange access to my WordPress blog, and the log files have become very big. They can grow to thousands of MB in a few hours.

    Sample of access:
    http://www.mydomain.com/wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&load_time=2011-08-03 14:42:02&lcwidget=true&vp[]=308&_=1312428279551

    It accesses my blog at around 1-5 requests per second from different IPs. I'm not sure about the frequency as I can't measure it.

    I use nginx & php5-fpm on debian 6.

    It is just my hobby blog with no ads (so I can't imagine any reason to attack my site).

    I have tried to protect the wp-admin directory to only permit access from certain IPs, but it seems that my nginx conf is not right yet:

    location /wp-admin/ {
        allow my.ip;
        deny all;
    }
    

    Any suggestions?

    Thanks before
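
The original post says the request rate could not be measured. As an added example (not part of the original post), this script counts `admin-ajax.php` hits per second, per client IP and per `action` value from an nginx access log. It assumes nginx's default "combined" log format; the sample log lines and the `summarize` helper name are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qs

# Constructed sample lines in nginx's default "combined" access log format.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Aug/2011:14:42:02 +0000] "GET /wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&vp[]=308 HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Aug/2011:14:42:02 +0000] "GET /wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&vp[]=308 HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Aug/2011:14:42:02 +0000] "GET /wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&vp[]=308 HTTP/1.1" 200 31 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Aug/2011:14:42:03 +0000] "GET /wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&vp[]=308 HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Aug/2011:14:42:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Aug/2011:14:42:05 +0000] "GET /wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&vp[]=308 HTTP/1.1" 200 31 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Aug/2011:14:42:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<uri>\S+) [^"]*" \d{3} ')


def summarize(lines, path="/wp-admin/admin-ajax.php"):
    """Count hits on `path` per second, per client IP and per `action` value."""
    per_second, per_ip, per_action = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        uri_path, _, query = m["uri"].partition("?")
        if uri_path != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[ts] += 1
        per_ip[m["ip"]] += 1
        per_action[parse_qs(query).get("action", ["<none>"])[0]] += 1
    total = sum(per_ip.values())
    if total == 0:
        return None
    # Seconds between the first and last matching hit, inclusive.
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return {
        "total": total,
        "distinct_ips": len(per_ip),
        "peak_per_second": max(per_second.values()),
        "avg_per_second": total / span,
        "top_ips": per_ip.most_common(3),
        "actions": dict(per_action),
    }


if __name__ == "__main__":
    # For real data, pass open("/var/log/nginx/access.log") (assumed log path).
    print(summarize(SAMPLE_LOG.splitlines()))
```

A high distinct-IP count with a single repeated `action` value and a low per-IP rate points at many clients polling the same endpoint rather than one noisy source.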

    Comments

    • Have you restarted nginx?


    • BuzzPoet Member
      edited August 2011

      That method didn't work for me either. Here's how I solved it. At the end of the server block, after all other directives, put this:

          if ($remote_addr = "<IP address>") {
              break;
          }
      
          if ($remote_addr = "<Another IP Address>") {
              break;
          }
      
          if ($remote_addr != "<your LEB IP>") {
              rewrite ^/wp-comments-post.php(.*)$ /wp-comments-post.php$1 last;
              rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;
              rewrite ^/wp-login.php(.*)$ /index.php?q=$1 last;
          }
      

      Where the first IP addresses are the ones you want to connect from. That breaks you out of the last directive, which just says, if not its own IP address, rewrite all requests to wp-admin and wp-login.php.

      Thanked by 1pepaya
    • drmike Member
      edited August 2011

      What version of wp are you running? That's a very old hack from many years ago:

      http://core.trac.wordpress.org/ticket/10841

      Wondering if it's returned.

      edit: This too: http://wordpress.org/support/topic/what-are-requests-for-wp-adminadmin-ajaxphp

      Thanked by 1pepaya
    • @BuzzPoet
      Thanks, I will try your solution.

      @drmike
      It is the newest version of WP, maybe 3.2.1?
      "It is where all ajax requests are delegated. It is not exclusive to logged in users." So, it is not a security issue?
      If it is not a security issue, I am still annoyed with the excessive logging. It can distract me from real hacking attempts.

    • @BuzzPoet

      I have tried your solution.
      With your solution, wp-admin can be restricted.
      But visitors can't leave comments, even after I commented out your wp-comments-post rewrite.
