• Resolved ljfent

    (@ljfent)


    Hello,

    We are getting many of these acme challenges in our WP Cerber traffic:

    /.well-known/acme-challenge/-0X_9YW9EGCUGX9HQEE7LWVI1SX7SC5A

    Can you tell me what these are, if they are a security risk and what we might want to do about them?

    Best,

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    It looks like someone is scanning the website for phishing pages: https://www.securityweek.com/phishing-pages-hidden-well-known-directory

    There is a risk of getting a phishing page installed in the /.well-known/acme-challenge/ folder if 1) the folder exists, 2) it has wrong permissions, and 3) your website has a security breach or it runs on shared hosting. You can check if the folder actually exists by trying to open this URL in an incognito browser window: https://your-website-domain.com/.well-known/acme-challenge/. If it does not, you should see the 404 Page Not Found error in your browser and in Cerber’s log.

    Ask your website admin to make sure that if the /.well-known folder exists, the folder and its child folders have proper permissions: no write access is granted for the user the web server is running as.

    Thread Starter ljfent

    (@ljfent)

    Hello,

    Thanks for the reply.

    I checked the server and there is no directory by that name. The Cerber traffic report is also displaying a 404 page not found.

    Is there anything else I can consider; any way to block the attempts? I have blacklisted the IP.

    Thanks,

    Plugin Author gioni

    (@gioni)

    I would proactively create the “.well-known” and nested “acme-challenge” folders with no write permissions for the web server’s user (process owner).

  • The topic ‘Acme challenges in WP Cerber’ is closed to new replies.
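
The permission check and the proactive folder creation suggested in the replies above, as an added example that is not part of the original thread or of WP Cerber. It assumes a Linux host, judges access from the classic mode bits only (no POSIX ACLs), and uses uid/gid 33 as an assumed `www-data` identity; the function names are hypothetical.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """True if the classic mode bits grant write access to uid/gids.
    POSIX ACLs and root's override are not considered."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_well_known(docroot, uid, gids):
    """List paths under docroot/.well-known that uid/gids could write to."""
    base = os.path.join(docroot, ".well-known")
    if not os.path.isdir(base):
        return []  # folder absent: requests for it end in a 404
    findings = []
    for root, _dirs, files in os.walk(base):
        for path in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if writable_by(st, uid, gids):
                findings.append(path)
    return sorted(findings)

def create_locked(docroot):
    """Create .well-known/acme-challenge and strip every write bit (r-xr-xr-x).
    The owner can still chmod it back, so the owner should be an account
    other than the web server's user."""
    base = os.path.join(docroot, ".well-known")
    leaf = os.path.join(base, "acme-challenge")
    os.makedirs(leaf, exist_ok=True)
    os.chmod(leaf, 0o555)
    os.chmod(base, 0o555)
    return leaf

if __name__ == "__main__":
    docroot = tempfile.mkdtemp()   # constructed stand-in for a real web root
    web_uid, web_gids = 33, {33}   # assumed www-data ids; check with `id www-data`
    create_locked(docroot)
    print("writable by web user:", audit_well_known(docroot, web_uid, web_gids))
```

If the site renews certificates with an ACME client in webroot mode, that client still needs write access to `acme-challenge`, so run it under an account other than the web server's user.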