Hi @lindaomid ,
I don’t think any ‘normal’ user would find themselves on /jm-ajax/get_listings instead of /jobs. There’s no way to find that URL without you explicitly linking it on your site (which I assume you haven’t. :))
What version of WordPress and WP Job Manager are you using?
Best,
Thank you very much for responding. You are correct. A normal user should not go to http://www.oursite.com/jm-ajax/get_listings. Of course, we never linked /jm-ajax/get_listings on our site.
WordPress 6.1.1 is the version we use (Latest)
Our WP Job Manager version is 1.35.3.
Because of the customizations we made to V. 1.35.3, we decided not to update the plugin to the new version (1.39.0). We do not believe that version 1.35.3 is related to the request. Even if our website is running the most recent version, Version 1.39.0, such a request could still be initiated. And the output of the https://www.oursite.com/jm-ajax/get listings/ result will remain the same.
No ordinary user will make a request to https://www.oursite.com/jm-ajax/get listings/.
Users who request this may be looking for ways to illegally scrape all of our aggregated jobs without permission, among other things. Those users were scraping our jobs using the WP Job Manager RSS until it (the RSS) was disabled.
Is it possible to disable /jm-ajax/get listings/ so that when a request like this (https://www.oursite.com/jm-ajax/get listings/) is made, it returns no job or nothing?
I believe hackers are using /jm-ajax/get listings/ to access WP Job Manager content. Another example is available here: https://ww.wp.xz.cn/support/topic/dos-attack-using-jm-ajax-get_listings-to-overload-the-server/
Thank you so much for your support and everything
Hi @lindaomid ,
I do believe part of the issue IS 1.35.x – previous examples of this (as shown in the other forum thread) have all had this version in common.
What do you see when you enter yourdomain.com/jm-ajax/get_listings?
What do you see when you enter yourdomain.com/?jm-ajax=get_listings ?
Please send screenshots.
Do you have any server error logs you could share?
A bigger issue here is that WP Job Manager is not made to hide jobs. The jm-ajax/get_listings mentioned is required for the [jobs] shortcode to work. You can remove that action, but it would break [jobs] shortcode. So there’s no easy solution for this, except for blocking accessing IPs via your server/security software etc.
Best,
Cena
Best,
Cena
You’re right. I have been able to figure out the real issue. yourdomain.com/jm-ajax/get_listings is not responsible for the issue I was describing. I have figured it out. Issue solved. Thank you so much for your time.
Hi @lindaomid –
I’m glad that you got this sorted out.
I’m going to mark this thread as resolved. If you have additional questions about WP Job Manager in the future, feel free to open a new thread.
