over 800 attacks in 10 minutes-not sure what to do

  • Resolved kevinritt

    (@kevinritt)


    2 years, 2 months ago

    I’m not sure what I am supposed to do but I’ve received several emails from my website stating that there have been 230+ blocked attacks. Is there something that I need to do?

    Here is what one of the messages looked like:

    the Wordfence plugin at Tuesday 3rd of January 2023 at 11:43:26 PM
    The Wordfence administrative URL for this site is:?https://seacoastwebdevelopment.com/wp-admin/admin.php?page=Wordfence
    The Wordfence Web Application Firewall has blocked 230 attacks over the last 10 minutes. Below is a sample of these recent attacks:January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: form_fields = extractvalue(1,concat(char(126),md5(1472395017)))
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = (select*from(select+sleep(3)union/**/select+1)a)
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = 1041″and(select*from(select+sleep(0))a/**/union/**/select+1)=”
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: form_fields = admin”and/**/extractvalue(1,concat(char(126),md5(1402313279)))and”
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = (select*from(select+sleep(0)union/**/select+1)a)
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = 1041’and(select*from(select+sleep(3))a/**/union/**/select+1)=’
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: form_fields = admin’and/**/extractvalue(1,concat(char(126),md5(1330709445)))and’
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = extractvalue(1,concat(char(126),md5(1500745412)))
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: queried_id = 1041’and(select*from(select+sleep(0))a/**/union/**/select+1)=’
    January 3, 2023 11:43pm? 212.102.49.215 (Spain)? ? ?Blocked for SQL Injection in POST body: form_fields = extractvalue(1,concat(char(126),md5(1211006291)))

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kevinritt, thanks for getting in touch.

    My general advice is that Wordfence does all of the important blocking for you automatically so you don’t have to implement a manual blocking regime – which can be time consuming to keep up with current IP ranges etc. The behavior or intent of the humans/bots making these requests is more important to Wordfence when making a decision on blocking.

    However, I also understand that if your site is being hit quite hard, you might want to try stopping that. Manual blocks via the Live Traffic page (after clicking an entry and hitting the Block IP button) will block an IP for the duration you have specified under Wordfence > All Options > Rate Limiting Rules > How long is an IP address blocked when it breaks a rule, which could be as low as 5 minutes. You can increase this value to hours or even days to try stemming the flow of retries if you’re noticing a lot of activity from certain specific IPs.

    During the time when these IPs are blocked, they’ll appear on the list in the Wordfence > Blocking page. It is possible to click the “Make Permanent” button here after checking the box next to one or more IPs.

    I hope that helps you out!
    Peter.

    Thread Starter kevinritt

    (@kevinritt)

    Thank you for the information.

    Plugin Support wfpeter

    (@wfpeter)

    Always happy to help @kevinritt. If you have further Wordfence questions in the future by all means start up a new topic and we’ll be glad to assist any time.

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘over 800 attacks in 10 minutes-not sure what to do’ is closed to new replies.