Have I been hacked?

Hi
I have been fixing this site that wasn’t updated for years (wp-core was, but not all plugins). I just put it behind Cloudflare and deployed a firewall rule that blocks bad bots and allows good ones. In the Cloudflare firewall log I get this block, which seems odd at least, and it is doing a cron job. Any ideas? Changed salts and enforced 2FA for admins and editors so far.
Ray ID: 61a51bbc9e2833as
Method: POST
HTTP Version: HTTP/1.1
Host: (own site)
Path: /wp-cron.php
Query string: ?doing_wp_cron=1612113678.4625999927520751953125
User agent: Bot1rNagguX6
IP address: 185.76.64.167
ASN: AS200719 MISSDOMAIN (my host)
Country: Sweden

It’s quite normal for automated bots to be scanning for login panels and attempting to log in to them.

Yes, however, since the host is my own site, doesn’t that say that the bot is on the inside rather than from outside?

I believe the Host field refers to the Host header that the “browser” sent (see “Host - HTTP | MDN”).

So no, I don’t think it’s on the inside, unless your web server’s IP address is 185.76.64.167?

185.76.64.167 is the site’s address on Cloudflare.

Oh, in that case it is strange. wp-cron.php seems to be a WordPress cron thing, but that User agent does seem strange. I suggest you investigate this further.

1 Like
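One way to triage the blocked request discussed in this thread, as an added example that is not part of any post: WordPress core triggers its scheduler by having the server POST to its own `/wp-cron.php` with `doing_wp_cron` set to a microsecond Unix timestamp and a default User-Agent beginning `WordPress/`, so the three things worth checking are the source address, the timestamp and the User-Agent. The event dict keys, the `logged_at` value and the function names are assumptions made for this sketch; the other sample values are copied from the log above.

```python
import re
from datetime import datetime, timezone
from decimal import Decimal
from ipaddress import ip_address
from urllib.parse import parse_qs

# Sample event: ip, query and user_agent are from the thread's log entry;
# logged_at is a constructed value (the thread gives no event time).
SAMPLE = {
    "ip": "185.76.64.167",
    "query": "?doing_wp_cron=1612113678.4625999927520751953125",
    "user_agent": "Bot1rNagguX6",
    "logged_at": 1612113679,  # constructed
}

def cron_timestamp(query):
    """Return the doing_wp_cron value as a Decimal, or None if malformed."""
    raw = parse_qs(query.lstrip("?")).get("doing_wp_cron", [""])[0]
    return Decimal(raw) if re.fullmatch(r"\d+\.\d+", raw) else None

def cron_time_utc(query):
    """ISO-8601 UTC time encoded in doing_wp_cron (whole seconds), or None."""
    stamp = cron_timestamp(query)
    if stamp is None:
        return None
    return datetime.fromtimestamp(int(stamp), tz=timezone.utc).isoformat()

def triage_wp_cron_event(event, own_ips, max_skew_seconds=60):
    """Return findings for one firewall event that hit /wp-cron.php."""
    findings = []
    # 1. Did the request come from one of the site's own addresses (loopback)?
    own = {ip_address(a) for a in own_ips}
    findings.append("source-is-own-address" if ip_address(event["ip"]) in own
                    else "source-is-external")
    # 2. Does the embedded timestamp agree with when the firewall logged it?
    stamp = cron_timestamp(event["query"])
    if stamp is None:
        findings.append("doing_wp_cron-not-a-timestamp")
    elif abs(stamp - Decimal(event["logged_at"])) <= max_skew_seconds:
        findings.append("timestamp-matches-log")
    else:
        findings.append("timestamp-stale-or-replayed")
    # 3. Core's loopback uses "WordPress/<version>; <site url>" by default;
    #    anything else means a plugin, filter or other code set the header.
    if not event["user_agent"].startswith("WordPress/"):
        findings.append("non-default-user-agent")
    return findings

if __name__ == "__main__":
    print(cron_time_utc(SAMPLE["query"]))
    print(triage_wp_cron_event(SAMPLE, own_ips=["185.76.64.167"]))
```

A result of own address plus a fresh timestamp but a non-default User-Agent points the investigation at what on the server overrides the HTTP User-Agent (plugins, theme code, mu-plugins) rather than at an outside scanner.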
