• Hi there! My website was hacked a couple of weeks ago. I tried to clean it, but after all I had to make a fresh install…

    Now the problem is that my website is getting constant connections from the USA, UK, China, Germany, etc. It is obvious that those connections are made by bots.

    Is there any solution to block these malicious connections? I can't block them by IP, because the connections are coming from countless IP addresses…

Viewing 13 replies - 1 through 13 (of 13 total)
  • Do they connect to wp-admin/? If you are using a VPS, try fail2ban. It temporarily blocks an IP if the connection count to wp-admin/ is more than a certain limit.

    Moderator James Huff

    (@macmanx)

    It’s easier to block if you know what they’re trying to do. How have you established that these are malicious connections?

    Meanwhile, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter Tonarves

    (@tonarves)

    Firstly, I’m super impressed by this lovely and caring community!

    These are the top 3 locations they are trying to connect:

    – /wp-content/plugins/hun/ (this folder showed up after the hack. Obviously that was one of the corrupted folders that contained malicious files. That folder does not exist anymore.)
    – robots.txt
    – mainpage

    Moderator James Huff

    (@macmanx)

    That folder does not exist anymore.

    Excellent, so that’s good for the malicious traffic directing there. No file means they can’t do anything. Eventually they’ll just go away.

    As for the alleged malicious traffic hitting robots.txt and the main page, how have you established that this traffic is malicious?

    Please give us as much detail as possible so we can suggest a decent strategy.
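One way to gather the detail asked for above, as an added example that is not part of the original thread: a small access-log triage that buckets requests by target and flags any response other than 404/410 from the removed `/wp-content/plugins/hun/` folder. The log lines, IP addresses, function names and the `login_limit` threshold are constructed for illustration, and the "combined" log format is an assumption about the server.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in "combined" access-log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2018:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 67 "-" "ExampleCrawler/1.0"
203.0.113.5 - - [10/Mar/2018:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"
198.51.100.7 - - [10/Mar/2018:10:00:05 +0000] "GET /wp-content/plugins/hun/ HTTP/1.1" 404 162 "-" "-"
198.51.100.8 - - [10/Mar/2018:10:00:06 +0000] "POST /wp-content/plugins/hun/ HTTP/1.1" 404 162 "-" "-"
198.51.100.9 - - [10/Mar/2018:10:00:09 +0000] "GET /wp-content/plugins/hun/ HTTP/1.1" 404 162 "-" "-"
192.0.2.44 - - [10/Mar/2018:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
192.0.2.44 - - [10/Mar/2018:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
192.0.2.44 - - [10/Mar/2018:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
192.0.2.45 - - [10/Mar/2018:10:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "-"
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def classify(path, removed_prefix):
    if path.startswith(removed_prefix):
        return "removed_folder"
    if path == "/robots.txt":
        return "robots"
    if path.startswith(("/wp-admin/", "/wp-login.php")):
        return "login"
    return "other"

def triage(log_text, removed_prefix="/wp-content/plugins/hun/", login_limit=3):
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "statuses": Counter()})
    login_hits, alerts = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        kind = classify(m["path"], removed_prefix)
        stats[kind]["requests"] += 1
        stats[kind]["ips"].add(m["ip"])
        stats[kind]["statuses"][m["status"]] += 1
        # A deleted folder should only ever answer 404/410; anything else means it is back.
        if kind == "removed_folder" and m["status"] not in ("404", "410"):
            alerts.append(line)
        if kind == "login":
            login_hits[m["ip"]] += 1
    # Per-IP login counts are the kind of number a fail2ban-style limit acts on.
    noisy = sorted(ip for ip, n in login_hits.items() if n >= login_limit)
    return dict(stats), alerts, noisy

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

In the sample, the removed folder is hit once each by three different addresses, which is why a per-IP limit never triggers on it, while the repeated login posts from one address do cross the limit.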

    Thread Starter Tonarves

    (@tonarves)

    Sorry for delayed reply!!

    I know that bots are looking at my site for indexing purposes (which is good). Maybe I’m just too paranoid thinking the robots.txt connections are made for malicious purposes because they are coming from France, Germany, Russia, USA etc.

    Do you think that someday bots will stop connecting to the plugins/hun folder?

    Thanks!

    Moderator James Huff

    (@macmanx)

    Maybe I’m just too paranoid thinking the robots.txt connections are made for malicious purposes

    There’s really no such thing as malicious traffic to robots.txt, as all that file does is tell bots what not to index. If they’re visiting it, they’re doing things right.

    There are plenty of bots out there who don’t even bother to look at robots.txt, those are the bad ones.

    Do you think that someday bots will stop connecting to the plugins/hun folder?

    I’m not sure what you mean by that. Would you please clarify?

    Thread Starter Tonarves

    (@tonarves)

    Bots are still connecting to the old (hacked) hun folder which was located in the plugins folder. Like you stated, bots can’t do anything because there is no such folder anymore.

    What I meant was: Will the bots ever stop connecting to that folder?

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    It’s down to how the bots are coded. There are plenty of dumb bots that don’t check if files exist and continue to visit the folder.

    Moderator James Huff

    (@macmanx)

    They will eventually stop, if they’re programmed to stop after a certain time, or the server they’re running from is shut down. They will stop.

    Thread Starter Tonarves

    (@tonarves)

    Today my customer called me and told me there is something horrible happening on the website. After I went to the website I saw this:

    https://postimg.org/image/y27msh2xl/

    Since the last hack, I made a clean updated WordPress installation with updated plugins. This time the hack seems different than the last one because I didn't notice anything other than index.php was changed…

    Is this a common problem? What the duck should I do? Could there be a problem with the service provider?

    Should I make a new post about this one? Thank you in advance <3!

    Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    And yes, this time you should implement the security measures.

    Thread Starter Tonarves

    (@tonarves)

    Thanks for your advice! I will read those articles carefully and report the results soon.

    Hackers are becoming a pain in the ass for me

    Moderator James Huff

    (@macmanx)

    You’re welcome!

  • The topic ‘Constant Malicious connections’ is closed to new replies.