Strange access to my WordPress blog

pepayapepaya Member
edited August 2011 in Help

Hi,
I have a small blog with only about 200 pageviews per day.
A few weeks ago I started noticing strange access to my WordPress blog, and the log files become very big. They can reach thousands of MB in a few hours.

Sample of access:
http://www.mydomain.com/wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments&load_time=2011-08-03 14:42:02&lcwidget=true&vp[]=308&_=1312428279551

It accesses my blog at around 1-5 requests per second from different IPs. I'm not sure about the frequency as I can't measure it.

I use nginx & php5-fpm on debian 6.

It is just my hobby blog with no ads (so I can't imagine any reason to attack my site).

I have tried to protect the wp-admin directory to only permit access from a certain IP, but it seems that my nginx conf is not right yet:

location /wp-admin/ {
    allow my.ip;
    deny all;
}

Any suggestions?

Thanks in advance
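
The post says the request rate could not be measured. As an added example (not part of the original thread), this script counts the `admin-ajax.php` polling requests per second and per client IP in an nginx access log. It assumes nginx's default "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Assumption: nginx's default "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def ajax_poll_stats(lines, path="/wp-admin/admin-ajax.php",
                    action="get_latest_comments"):
    """Rate and source spread of the polling request shown in the post."""
    per_second, per_ip, total = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        total += 1
        url = urlsplit(m["uri"])
        if url.path != path or action not in parse_qs(url.query).get("action", []):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[ts] += 1
        per_ip[m["ip"]] += 1
    hits = sum(per_ip.values())
    # Observed window in whole seconds, first matching hit to last.
    span = (max(per_second) - min(per_second)).total_seconds() + 1 if hits else 0
    return {
        "hits": hits,
        "share_of_log": hits / total if total else 0.0,
        "distinct_ips": len(per_ip),
        "peak_per_second": max(per_second.values(), default=0),
        "avg_per_second": hits / span if span else 0.0,
        "top_ips": per_ip.most_common(3),
    }

# Constructed sample lines (documentation IP ranges), not taken from the thread.
_POLL = ("/wp-admin/admin-ajax.php?p2ajax=true&action=get_latest_comments"
         "&load_time=2011-08-03%2014:42:02&lcwidget=true&vp[]=308&_=1312428279551")
def _line(ip, sec, uri):
    return (f'{ip} - - [04/Aug/2011:03:24:{sec:02d} +0000] '
            f'"GET {uri} HTTP/1.1" 200 31 "-" "Mozilla/5.0"')
SAMPLE = [_line("203.0.113.10", 39, _POLL), _line("198.51.100.7", 39, _POLL),
          _line("203.0.113.10", 40, _POLL), _line("192.0.2.55", 41, "/"),
          _line("198.51.100.7", 42, _POLL)]

if __name__ == "__main__":
    print(ajax_poll_stats(SAMPLE))
```

To run it on a real log, pass the open file object to `ajax_poll_stats`; a small number of `top_ips` with steady per-second rates points at browsers left open on a polling page rather than at a distributed attack.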

Comments

  • gianggiang Veteran

    Have you restarted nginx?

  • BuzzPoetBuzzPoet Member
    edited August 2011

    That method didn't work for me either. Here's how I solved it. At the end of the server block, after all other directives, put this:

        if ($remote_addr = "<IP address>") {
            break;
        }
    
        if ($remote_addr = "<Another IP Address>") {
            break;
        }
    
        if ($remote_addr != "<your LEB IP>") {
            rewrite ^/wp-comments-post.php(.*)$ /wp-comments-post.php$1 last;
            rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;
            rewrite ^/wp-login.php(.*)$ /index.php?q=$1 last;
        }
    

    Where the first IP addresses are the ones you want to connect from. That breaks you out of the last directive, which just says, if not its own IP address, rewrite all requests to wp-admin and wp-login.php.

    Thanked by 1pepaya
  • drmikedrmike Member
    edited August 2011

    What version of wp are you running? That's a very old hack from many years ago:

    http://core.trac.wordpress.org/ticket/10841

    Wondering if it's returned.

    edit: This too: http://wordpress.org/support/topic/what-are-requests-for-wp-adminadmin-ajaxphp

    Thanked by 1pepaya
  • @BuzzPoet
    Thanks, I will try your solution.

    @drmike
    It is the newest version of WP, maybe 3.2.1?
    "It is where all ajax requests are delegated. It is not exclusive to logged in users." So, it is not a security issue?
    If it is not a security issue, I am still annoyed by the excessive logging. It can distract me from real hacking attempts.

  • @BuzzPoet

    I have tried your solution.
    With your solution, wp-admin can be restricted.
    But visitors can't post comments, even after I commented out your wp-comment-post rewrite.
