Spoofing or goofing?

#1

Cloudflare IPs being spoofed in Wordpress attacks? (Same IPs appear regularly, same geographical regions). Anyone else seeing this?

|3 hours ago|141.101.77.31|REQUEST_URI|/wp-content/plugins/ungallery/source_vuln.php?pic=…/…/…/…/…/wp-config.php|
|3 hours ago|162.158.111.36|REQUEST_URI|/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path=…/…/…/…/…/wp-config.php|
|3 hours ago|162.158.111.84|FILES|settings_auto.php|
|3 hours ago|141.101.104.190|REQUEST_URI|/wp-admin/admin-ajax.php?action=revslider_show_image&img=…/wp-config.php|

#2

I assume your site is on Cloudflare, is it not?

In that case nothing is being spoofed but you havent rewritten the IP addresses of the requests you receive through Cloudflare’s proxies.

1 Like
#3
#4

Thanks for the link.

closed #5

This topic was automatically closed after 30 days. New replies are no longer allowed.