Most recent attacks

  • Resolved billy98111

    (@billy98111)


    7 years, 2 months ago

    As you can see from the firewall log below, I keep seeing these attacks once every few days from different IPs and Wordfence seems to be blocking it but is there something else I can do since I’m sure it’s taxing on the site and they are most likely probing for other vulnerabilities.

    The Wordfence Web Application Firewall has blocked 123 attacks over the last 10 minutes. Below is a sample of these recent attacks:

    March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add%' UNION ALL SELECT NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
March 24, 2019 9:17am  185.222.209.222 (United Kingdom)     Blocked for SQL Injection in query string: a=add' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    • This topic was modified 7 years, 2 months ago by billy98111. Reason: More logs
    • This topic was modified 7 years, 2 months ago by billy98111.
Viewing 1 replies (of 1 total)
  • wfdave

    (@wfdave)

    7 years, 2 months ago

    Hi @billy98111,

    This is indeed an attacker attempting an SQL injection exploit.

    I would recommend extending the amount of time an IP is blocked when it is found attacking your site.

    Go to Wordfence -> All Options -> Rate Limiting, and change How long is an IP address blocked when it breaks a rule to 12 hours or even 1 day.

    For example: https://i.imgur.com/byNEJDV.png

    There should be no reason why that IP address should be able to attack your website 10 times within 10 minutes.

    Dave

Viewing 1 replies (of 1 total)

The topic ‘Most recent attacks’ is closed to new replies.