Hi spespam,
We regularly test our plugin against SQL injection attacks and to the best of my knowledge, there isn’t one in the latest version of AWPCP.
Since there are many vectors that an attacker can use on a WordPress site through your theme and (many) other plugins, it’s possible that the attacker is finding a way in by trying to exploit other weaknesses.
My suggestion would be to install Wordfence to help you identify malicious behavior on your site and block it out. If you find that an attack has been successful, Wordfence will help you clean it up and identify any compromised plugins and theme files.
Thank you for your suggestion.
I installed Wordfence and the hits actually came from Facebook !!!!!
Browser: FacebookExternalHit version 1.1
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Strange, isn’t it ?
Wordfence did not detect any threats from my other plugins though.
That’s good news, at least. Traffic from Facebook doesn’t sound so bad, but surprising in this case. Glad you figured it out.
Soo any solutions for this Facebook traffic and why in the first place it is happening? It’s like 1 visit per 2 seconds and it is coming from:
Saint Robert, United States visited http://…/my-url-with-classified-ads/
1 minute ago IP: 66.220.156.114 [block]
Browser: FacebookExternalHit version 1.1
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Update: This problem is being caused by enabling your facebook integration …
AWCP v3.3.2
The issue is that you’re getting hit from the Facebook bot. That’s out of the control of AWPCP.
You can read more about it here: https://ww.wp.xz.cn/support/topic/any-solution-for-facebookexternalhit11-flood?replies=4
It’s a consequence of allowing FB to see your content and crawl it, unfortunately.
