Title: Possible DoS Attack. Please help. Last modified: December 12, 2022 --- # Possible DoS Attack. Please help. * Resolved [lindaomid](https://wordpress.org/support/users/lindaomid/) * (@lindaomid) * [3 years, 6 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/) * From our access log, we see numerous IP addresses visiting [http://www.oursite.com/jm-ajax/get_listings/](http://www.oursite.com/jm-ajax/get_listings/). We think our site users (job seekers) ought to request job listings from [http://www.oursite.com/jobs](http://www.oursite.com/jobs) instead of [http://www.oursite.com/jm-ajax/get_listings/](http://www.oursite.com/jm-ajax/get_listings/). * Please is request from jm-ajax/get_listings normal? Are they DoS attacks or similar? * Please help us. * Thank you in advance. Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Contributor [Cena (a11n)](https://wordpress.org/support/users/cena/) * (@cena) * [3 years, 6 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16286243) * Hi [@lindaomid](https://wordpress.org/support/users/lindaomid/) , * I don’t think any ‘normal’ user would find themselves on /jm-ajax/get_listings instead of /jobs. There’s no way to find that URL without you explicitly linking it on your site (which I assume you haven’t. :)) * What version of WordPress and WP Job Manager are you using? * Best, * Thread Starter [lindaomid](https://wordpress.org/support/users/lindaomid/) * (@lindaomid) * [3 years, 6 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16287014) * Thank you very much for responding. You are correct. A normal user should not go to [http://www.oursite.com/jm-ajax/get_listings](http://www.oursite.com/jm-ajax/get_listings). Of course, we never linked /jm-ajax/get_listings on our site. * WordPress 6.1.1 is the version we use (Latest) Our WP Job Manager version is 1.35.3. * Because of the customizations we made to V. 1.35.3, we decided not to update the plugin to the new version (1.39.0). We do not believe that version 1.35.3 is related to the request. Even if our website is running the most recent version, Version 1.39.0, such a request could still be initiated. And the output of the [https://www.oursite.com/jm-ajax/get](https://www.oursite.com/jm-ajax/get) listings/ result will remain the same. * No ordinary user will make a request to [https://www.oursite.com/jm-ajax/get](https://www.oursite.com/jm-ajax/get) listings/. * Users who request this may be looking for ways to illegally scrape all of our aggregated jobs without permission, among other things. Those users were scraping our jobs using the WP Job Manager RSS until it (the RSS) was disabled. * Is it possible to disable /jm-ajax/get listings/ so that when a request like this ([https://www.oursite.com/jm-ajax/get](https://www.oursite.com/jm-ajax/get) listings/) is made, it returns no job or nothing? I believe hackers are using/ jm-ajax/get listings/ to access WP Job Manager content. Another example is available here: [https://wordpress.org/support/topic/dos-attack-using-jm-ajax-get_listings-to-overload-the-server/](https://wordpress.org/support/topic/dos-attack-using-jm-ajax-get_listings-to-overload-the-server/) * Thank you so much for your support and everything * Plugin Contributor [Cena (a11n)](https://wordpress.org/support/users/cena/) * (@cena) * [3 years, 6 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16289171) * Hi [@lindaomid](https://wordpress.org/support/users/lindaomid/) , * I do believe part of the issue IS 1.35.x – previous examples of this (as shown in the other forum thread) have all had this version in common. * What do you see when you enter yourdomain.com/jm-ajax/get_listings? * What do you see when you enter yourdomain.com/?jm-ajax=get_listings ? * Please send screenshots. * Do you have any server error logs you could share? * A bigger issue here is that WP Job Manager is not made to hide jobs. The jm-ajax/ get_listings mentioned is required for the [jobs] shortcode to work. You can remove that action, but it would break [jobs] shortcode. So there’s no easy solution for this, except for blocking accessing IPs via your server/security software etc. * Best, Cena * Best, Cena * Thread Starter [lindaomid](https://wordpress.org/support/users/lindaomid/) * (@lindaomid) * [3 years, 5 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16308231) * You’re right. I have been able to figure out the real issue. yourdomain.com/jm- ajax/get_listings is not responsible for the issue I was describing. I have figured it out. Issue solved. Thank you so much for your time. * Plugin Support [lastsplash (a11n)](https://wordpress.org/support/users/lastsplash/) * (@lastsplash) * [3 years, 5 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16310177) * Hi [@lindaomid](https://wordpress.org/support/users/lindaomid/) – * I’m glad that you got this sorted out. * I’m going to mark this thread as resolved. If you have additional questions about WP Job Manager in the future, feel free to open a new thread. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Possible DoS Attack. Please help.’ is closed to new replies. * ![](https://ps.w.org/wp-job-manager/assets/icon-256x256.gif?rev=2975257) * [WP Job Manager](https://wordpress.org/plugins/wp-job-manager/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-job-manager/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-job-manager/) * [Active Topics](https://wordpress.org/support/plugin/wp-job-manager/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-job-manager/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-job-manager/reviews/) * 5 replies * 3 participants * Last reply from: [lastsplash (a11n)](https://wordpress.org/support/users/lastsplash/) * Last activity: [3 years, 5 months ago](https://wordpress.org/support/topic/possible-dos-attack-please-help/#post-16310177) * Status: resolved