Lots of 404 errors in security log lately

  • I have a couple of personal websites with a hosting company. Lately I keep getting these groups of 404 error hits every day. I don’t know if they are hacking attempts, referral spam, or what it is. Here are two typical traffic hits for today (I am going to list some of the 404’s because there can be as many as 17 at a time from the same ip):

    This one is a new set from <ip removed> I just got today with a bunch of 404 errors in a row:
    /wp-content/plugins/nmedia-user-file-uploader/readme.txt
    /wp-content/plugins/gallery-plugin/gallery-plugin.php
    /wp-content/plugins/auto-attachments/a-a.css
    /wp-content/plugins/wpstorecart/lgpl.txt
    /wp-content/plugins/category-grid-view-gallery/cat_grid.php
    /wp-content/plugins/wpmarketplace/readme.txt
    /wp-content/plugins/wp-property/action_hooks.php
    /wp-content/plugins/magic-fields/MF_Constant.php
    /wp-content/plugins/resume-submissions-job-postings/installer.php
    /wp-content/plugins/nextgen-gallery/changelog.txt
    /wp-content/plugins/ckeditor-for-wordpress/ckeditor.config.js

    Now this one from <ip removed> has been hammering me everyday since May of this year with 6 to 12 sets of 404 hits in a row on average:
    /live1/wp-admin/admin.php
    /live1/wp-admin/index.php
    /live1/wp-admin/update-core.php
    wp-admin/plugins.php
    wp-admin/post.php
    wp-admin/post-new.php
    wp-admin/options-general.php
    wp-admin/plugin-install/php
    wp-admin/update.php
    That ip is from a cloud hosting company’s main ip address, so since I can’t find who owns the virtualized instance, I filed a complaint with the cloud company and this was the customer’s reply who was actually accessing my website:

    “Hi,
    We blacklisted the domains *.bluera.com, *.explorance.com, *.explore-blue.com.

    Regarding list of toolbars — we don’t work with any toolbars directly, we’re buying anonymized traffic in bulk from aggregators. We can’t provide any list of toolbars because we simply don’t know it.”

    I didn’t ask about toolbars, so I don’t know what that is all about; probably a canned response to all the complaints. This was yesterday, and so far today I am actually getting double the amount of hits on my website. I guess that was in retaliation for filing a complaint!

    So, what is going on? Is this just the future of the Web and I have to live with it?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Bill

    (@chubbycrow)

    It’s quite common to have bots (or humans) scouring the web for plugins with known vulnerabilities, or for unprotected core directories and files. Keep your WP installation, plugins, and theme(s) updated, and dump plugins and/or themes that aren’t being kept updated.

    I would recommend (if you aren’t already using one) installing one of the top-rated security plugins for some added protection.

    Also, go over this page for some things you can do to protect your site.

    Thread Starter pjc123

    (@pjc123)

    Yes, I have various layers of security employed and keep everything up to date. What I did discover today in my security plugin were some values that I tweaked that will increase the sensitivity to 404 hits and automatically permanently ban abusive sites.

    Bill

    (@chubbycrow)

    Good deal. Carry on. ??

    I am following your advice above Bill! I tried deleting some themes but they aren’t deleting and are taking forever. Is there any other way to delete them?

    Kitty

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Lots of 404 errors in security log lately’ is closed to new replies.