“(MISSING)” in urls

  • jeuansk

    (@jeuansk)


    7 years, 4 months ago

    Hi, I was wondering if, by any chance, the WordFence plugin ever replaces characters in a user’s requested url with “MISSING” (maybe to protect against XSS)?

    I ask because recently in the WordFence live traffic logs, I’ve noticed a few bots visit this url:

    /login/?redirect=http%!A(MISSING)%!F(MISSING)%!F(MISSING)ourdomain.org%!F(MISSING)wp-login.php

    The “normal” version of that url, the one that humans and most bots hit is:
    /login/?redirect=https%3A%2F%2Fourdomain.org%2F

    Is the “MISSING” replacing something else, or are the bots really trying to visit a url with “MISSING” in the string???

    And, maybe it’s a coincidence, but our site has briefly gone down on two occasions within a few minutes of being hit by the bots visiting the url with “(MISSING)” in it, and I’m trying to figure out what’s going on.

    Thanks!

The topic ‘“(MISSING)” in urls’ is closed to new replies.