Major ?wordfence_syncAttackData for genuine visitors

  • Tried to search for this problem and I find references to “own IP” hitting this error message. But that’s not my problem.

    People who seem to be genuine visitors seem to be ending up here.

    In the Wordfence Live Traffic I get entries like this: 

    United Kingdom Heywood, United Kingdom left https://**mysite.com**/a-blog-post/ and visited https://**mysite.com**/?wordfence_syncAttackData=1475919737.92
09/10/2016 11:18:59 (7 hours 8 mins ago)   IP: 195.20.222.99 [block]   Hostname: 195.20.222.99
Browser: Chrome version 0.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

    and 

     Sheffield, United Kingdom left https://**mysite.com**/another-blog-post/ and visited https://**mysite.com**/?wordfence_syncAttackData=1475919737.92
09/10/2016 11:38:53 (6 hours 50 mins ago)   IP: 83.216.151.241 [block]   Hostname: 241.151.216.83.dyn.plus.net
Browser: Chrome version 0.0 running on Android
Mozilla/5.0 (Linux; Android 5.1.1; SM-J320FN Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36

    I see loads and loads of these and it seems it’s happening only to genuine visitors.

    Can anyone shed some light? Are visitors ending up on some error page? Or otherwise being blocked from browsing my site? It seems to be the case that whenever I have an entry like this the visitor doesn’t proceed to any other pages of my site. ??

Viewing 7 replies - 1 through 7 (of 7 total)

  • Did you see this?

    Hi stanlight,
    Actually, “wordfence_syncAttackData” is used to update the “Live Traffic” with information about any recent attacks on your website, to help us to figure out why you are seeing these entries in the “Live Traffic” feed, please load this URL with ?wordfence_syncAttackData parameter in your browser and let me know what you will get (blank page, homepage, 404 error page, etc…).

    Thanks.

    Thread Starter StanLight

    (@stanlight)

    garomans, thanks for the link. But I’m unable to fathom from there what’s actually happening in terms of what my visitors are seeing. Do they get an error message or is the visitor seeing the page as normal and this is just being recorded in the Wordfence Live Traffic view as a syncattack?

    wfalaa, it’s happened again today and I tried loading that URL in the browser and … I get nothing. Just a blank page. There is nothing in the source code either.

    Is this what my visitors are seeing then? (And if so, how do I rectify?)

    Actually, “wordfence_syncAttackData” is used to update the “Live Traffic” with information about any recent attacks on your website

    A visitor arrived today following a link from a website that sends me regular traffic. He visited one page and then a few seconds later visited another page and nothing looks odd there. Then 10 minutes later he tries a third page and this is the entry I get:

    United Kingdom Gillingham, United Kingdom left https://**mysite.com**/?tcb_lightbox=lightbox-about and visited https://**mysite.com**/?wordfence_syncAttackData=1476972601.9

    He didn’t visit any other pages. So are these visitors hitting a blank page and then just leaving my site in frustration?

    Many thanks.

    • This reply was modified 8 years, 4 months ago by StanLight.
    • This reply was modified 8 years, 4 months ago by StanLight.

    Yes, the default response is getting this white blank page, and you shouldn’t be worry about that because your visitors don’t actually visit this URL and see this blank page, this URL is loaded in the background (like Ajax calls) while they are still looking at the current page URL, for example: https://**mysite.com**/?tcb_lightbox=lightbox-about in your last reply.

    Thanks.

    Hi there

    I am getting this issue on my site too, lots of syncattack logs and genuine users seeing a Wordfence block page.

    wfalaa – I tried visiting the ?wordfence_syncAttackData URL you suggested and it took me to the homepage.

    I’m a noob to this level of WordPress, can anyone advise how I might stop this?

    Thanks

    Hi @saycey
    Regarding “wordfence_syncAttackData” URLs in Live Traffic, it could be another plugin/theme causing this issue, I suggest disabling all your other plugins and re-check this issue, also you can revert back to the default WordPress theme and give it a try.

    P.S. in the future it’s recommended to open a new support thread for your questions.

    Thanks.

    Thank you @wfalaa. I will try those suggestions. Final point noted!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Major ?wordfence_syncAttackData for genuine visitors’ is closed to new replies.