Receiving so many Site Lockout Notifications

It might be the real threats.

My site only has very little posts and has been online about a year only. Now I get some brute-force login, auto-registration, any blablabla hacking attempts almost everyday.

WordPress is very popuplar, lots of hackers build script attempting to hack wordpress sites. If you googling, you will know that hacking a wordpress is not hard if the owner do not strengthen its default security.

Login Attempts
Is the attempts of hackers to try to login to your website to take over the control. Once if the success, he may blackmail you some money. I’ve seem some websites being hacked, and a message did appear on it asking the owner to contact the hacker.

404 Errors
There many possibilities about 404 errors:
– Registration/Signup (usually for spamming purposes)
– Missing files (hackers looking for script’s vulnerability)
– Missing files (that caused by plugins)

If you see your plugin’s name appear on the 404 error list, it can be caused by the plugin itself which mean its author doesn’t write the plugin properly.

Hi

Thanks for your answer. Actually, with that many errors, my provider considered there was an abuse or something like that and shut my website down. The provider sent me an email and we have now to fix the issue… I received at least A THOUSAND Notifications ! It’s insane, i wonder where this came from !

Yes, it’s insane.

I frequently received notifications, but not so much only several notifications in a day.

How did you fix the issue? Did you remove the plugin or did you disable the notification feature? I’m curious to know what went wrong on your website.

I always examine it if I receive notification email from my website. After many inspections I found that most of them are login attempts, some are signup attempts, and a few are 404 errors that caused by the plugin I’m using. Most the IPs are from Russia and China.

Can you please post some samples of the most frequent items that appear on your Security Log here?

Hi,

Actually the thing with my provider didnt seem to have anything to do with these notifications. It was an issue with the cache but whatever

1st sample :
URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg
Referrer : https://www.soniarochel.com/baby-bath-is-care-to-share-with-baby/
Count : 7165 !!!!!

2nd sample :
URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg?9d7bd4
Referrer : (empty)
Count : 5300 !!!

It’s so annoying… I need to do something !

If anyone wants, i can send the .csv log by email… If that can help, why not.

I took a look at my ftp and i found /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg AND /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg?9d7bd4

Should i delete them ? I don’t even understand how people can click this because it doesn’t even appear on my website

7165 and 5300 are really crazy!

I’m now inspecting this weird issue. So far the samples above are enough.

Do you use caching plugin? Is yes, which one do you use? I’m using W3 Total Cache, it works without any problem with Better WP Security.

I used to use W3TC but as i told you there was an issue with my provider. They told me something like “too many accesses on :
www/wp-content/w3tc/dbcache/”. Anyway, they told me to switch to WP Super Cache

The question is : why do i get all these notifications ?

The question is : why do i get all these notifications ?
wrong configuration of one or some of your plugins that cause them to be incompatible with each other or with your webhost environment.

I used to use W3TC …
You were using W3TC and you get the 404 error notifications, right? But what about now, do you still get the errors after using WP Super Cache?

You may interested to know, some days ago I just read from WordPress forum, some said W3TC database and object cache should be turn off in most cases, because they frequently incompatible with many webhost environment. Did you enable the database cache?

I ever had bad experience with W3TC, I turn on all the caching and my front page become garbage. Now I only enable page caching, so far no problem so I won’t try to change any configuration. Caching is a very complex technique, any wrong configuration may cause lots of troubles.

If you still get lots of 404 email notifications, you may to stop the plugin sending notification emails by:
Goto menu > Security > Intrution Detection > disable the Email 404 Notifications

Did you examine the IPs that trigger the errors? If most of them are from same IP, it can some hacking attempts. You may copy/paste the IP to check if they’re hackers:
https://www.projecthoneypot.org/search_ip.php

Thanks for your answer

Maybe it will help you to know more about my website (and potential incompatibility), here are the plugins i’m using :

Akismet
Better WP Security
Broken Link Checker
Jetpack by WordPress.com
Related Posts
Twenty Eleven Theme Extensions
WassUp Real Time Analytics
WordPress SEO
WP-DBManager
WP Maintenance Mode
WP Maintenance
WP Native Dashboard
WP Super Cache
Wysija Newsletters

Well, after installing WP Super Cache (a hour ago) i received a few more. Now, it’s been 30 minutes i didn’t receive anything so let’s see… I also changed a few things that could have helped

The thing is that even if i disable email notifications, there still are 404 errors that will be recorded. It won’t bother me anymore but it will still be stored, don’t you think so ?

About the IPs, basically they always are different :/

Where do i check if i enabled database cache. With all these things i’m getting confused

Thanks for your help

Forget what i’ve just said…

Between 11:03 and 11:12, 4 notifications DAMN !

Interesting. I like solving mysteries. Give me some time (perhaps days), I will try to set a testing site that use the plugins you’re using.

Well, you said you received some errors after installing WP Super Cache. I think that maybe me visiting your website that generated the errors. I’m from Indonesia, was visiting your website an hour ago. I saw from your html source, know that you were using WP Super Cache when I was visiting. You may check the IP to see was that my IP (Indonesia).

Now, I’m visiting again:
My IP: 36.69.22.44
Page visited: https://www.soniarochel.com/baby-massage/
Visited count: ± 10 times

Do you see my IP being recorded in the 404 error log? Is yes, it means that were not hacking attempts, but there really something wrong in your configuration, plugin or webhost.

Well, i didn’t receive any notification (at least, yet). However, on my admin area, i see that you’re IP appears in WP Better Security as an error… for this :

URI : /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg
Referrer : https://www.soniarochel.com/baby-bath-is-care-to-share-with-baby/

Interesting. I like solving mysteries. Give me some time (perhaps days), I will try to set a testing site that use the plugins you’re using.

That would be hard to do as you would need to use EXACTLY the same plugins AND SETTINGS :/

Yes, you should not receiving any notification because turn it off, right.

But why my IP being recorded?

You’re now not using W3TC. So the chances caching plugins causing the issue is low, I personally think.

You said my IP being recorded, can you tell how many count are in the logs? Is it 10 or more? I’m sure I’ve visited it at least 10x. And the strange is why the referrer is baby-bath-is-care-to-share-with-baby, while I intentionally try to generate the 404 error on baby-massage page.

I’m thinking the culprit is any other plugin, not the caching.

So, now please tell me:
– What is the count number in the logs?
– Is any …/baby-massage/ referrer being recorded?

Actually, it’s weird because i saved the .csv log and your ip appears twice :
– /wp-content/uploads/2013/01/12-J%C3%A9coute-150×150.jpg,1360145906,36.69.22.44,,
– /wp-content/uploads/2013/01/A9coute-150×150.jpg,1360145934,36.69.22.44,,

(url,time,host,referrer,)

Sorry but as english isn’t my mother tongue, i’m not sure to understand what “referrer” is ?

Also, should i clean the database with the 44 000 404errors ? or it’s better to do it after we solve the problem ?

ps : is there anyway that the developper of this plugin take a look at my issue ?