Frontend, Seems OK; Backend? Buggy!

  • It seems to roam throughout the backend even when you aren’t logged in and just goes ham on everything. It kept requesting server data like what type of headers; if xmlrpc was disabled.

    The information the plugin kept requesting as if it was attacking my site:

    HTTP_SEC_FETCH_DEST
    HTTP_X_FB_HOST
    SERVER_PROTOCOL
    SCRIPT_FILENAME
    REQUEST_METHOD
    HTTP_DNT
    ADMIN-AJAX.PHP
    XMLRPC.PHP
    CLASS-WP-HOOK.PHP
    PLUGIN.PHP
    WP-LOGIN.PHP
    USERS.PHP

    I know it was the plugin because I logged over 20 requests a second, and when I disabled the plugin, they stopped. They also came from my server IP, and as an admin user. I re-enabled, and boom, they started adding up again.

    They also sent over 25000 LIST operations to my AWS S3 bucket in 6 hours.

  • The topic ‘Frontend, Seems OK; Backend? Buggy!’ is closed to new replies.