Can an attacker track my logins and attempt to piggyback
-
URL 50.116.84.13 has launched hundreds of attacks on my site:https://theeaglesaerie.homeoftheeagle.com/
This attacker is blacklisted but, for at least 3 months, has attacked my site every day, usually in concert with another URL, 69.46.36.28, also blacklisted.
A pattern has developed in that, immediately upon my logging into my site, an attack is launched by 50.116.84.13, and deflected by Cerber. While the attack shows the URL of the attacker, the “local user” is listed as me.
This is, instantly followed by an accepted REST API from my URL and, instantly a GET REST API HTTP 403 Forbidden by my URL
This is then followed by, from 3 to 100+, entries by my URL:
https://theeaglesaerie.homeoftheeagle.com/wp-admin/admin-ajax.php
POST HTTP 400 Bad RequestThese continue until some new traffic entry interrupts them.
This pattern occurred every time that I logged in, until recently, I exported my traffic log and deleted all records.
For 2 days no attacks followed my logins. Today they resumed and continue to follow the same pattern as before.When working in concert 50.116.84.13 always attacks with:
“https://theeaglesaerie.homeoftheeagle.com/wp-admin/admin-ajax.php?action=wordfence_testAjax”URL 69.46.36.28 always, instantly follows with:
“https://theeaglesaerie.homeoftheeagle.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=standard&cronKey=4afea0857d29577ab4a0da812e7fe70f&signature=1dc38d72c5627d952743b7a26601f95fc4dc9cb9df19b99f4e5064046594932d&remote=1”changing the cronKey with each attack, which can number more than a dozen a day.
These attacks can occur on their own but at least 1 attack will almost always occur (95%+) whenever I log in and Cerber seems unable to prevent them.
The page I need help with: [log in to see the link]
- The topic ‘Can an attacker track my logins and attempt to piggyback’ is closed to new replies.
