• Resolved steveraven

    (@steveraven)


    Hi,

    I’m getting 404 errors (as seen from yesterday’s episodes) from pages, uploads and plugins that aren’t even on my website, or being shown in Google Search Console.

    For eg:
    mysite/uploads/some-image-that-was-removed-years-ago
    mysite/?wordfence/loads-of-random-numbers
    mysite/a-page-that-was-again-removed-years-ago-and-google-is-aware-of-this

    Aside from filling up my logs with rubbish, any ‘pages’ that make it as a ‘qualifying link’ for the ‘direct links’ widget, be they pages, attachments, or plugin codes, are being printed live, and I have to keep a watch on the widget to redirect any ‘rogue links’ to real pages, as otherwise, users would have full access to a blank page with a wordfence access code in the address bar. Dunno, but that seems like a security issue to me?

    I’ve never had this problem before by using Google Search Console, or the ‘Redirection’ plugin to correct any legitimate issues that GSC picks up on, so where is SEO Booster getting its 404 page information from?

    I’d love to use the ‘keywords’ and ‘keywords tagging’ options, but I cannot risk it if SEO Booster is going to start sending users to blank pages with codes on!

    • This topic was modified 7 years ago by steveraven.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter steveraven

    (@steveraven)

    Right then, a few examples of these ‘pages’ that are showing up as 404 errors:

    New 404 – /wp-content/plugins/visual-form-builder/js/vfb-validation.min.js?ver=20140412
    New 404 – /wp-content/plugins/visual-form-builder/js/jquery.validate.min.js?ver=1.9.0
    New 404 – /wp-content/uploads/2016/07/idiot.jpg
    New 404 – /wp-content/uploads/2016/06/10YearsLogo-Optimized-e1466371053735.jpg

    …plus other various 404s, some of which are pages that were deleted years ago.

    As you can clearly see, these ‘pages’ are not in fact ‘pages’, but plugins, uploads and forms, the vast majority of which are not on the site any more.

    To save time and space, I’ll also list a few ‘keywords’ and the ‘pages’ they have been found on that sends a user to a wordfence code page:

    /?wordfence_lh=1&hid=6525BA9B3849262F01AAD323401943C6&r=0.0067727780342967114
    /?wordfence_lh=1&hid=DFA901FB32A26E81678BEF1CB77D0545&r=0.43370339158446125
    /?wordfence_lh=1&hid=A2EF21618214A246352DD7A73F680204&r=0.7812811550461722

    …so if I add the keywords widget, any user clicking on those links gets taken to a wordfence code.

    So these ‘pages’ are in reality wordfence codes that smack of a security problem.

    If I delete any of the rogue 404s, they immediately reappear a few minutes later, suggesting that there is something drastically wrong with the way that SEO Booster collects its 404 information.

    Keywords CANNOT be deleted so I cannot comment on that one.

    As mentioned earlier, I’d LOVE to know where SEO Booster gets its 404 errors from!

    Thread Starter steveraven

    (@steveraven)

    Just a couple more of these 404s:

    New 404 – /backup/sql.php
    New 404 – /admin/sql/sql.php
    New 404 – /MySQLDumper1.24.4stable/sql.php
    New 404 – /MySQLDumper1.24.4/msd1.24.4/sql.php
    New 404 – /MSD/sql.php

    Now bearing in mind that I’ve never created any pages regarding MySQL dumps, I can only assume that this plugin is a serious security hazard.

    Plugin deactivated until proved otherwise.

    Plugin Author cleverplugins

    (@cleverplugins)

    Hi Steveraven

    I was busy last couple of days.

    There is a problem with the Wordfence URLs that I can confirm; I will find a way to fix those.

    However, everything else is not correct.

    First, the 404 errors related to SQL that show up are not a security issue.

    That is, in fact, a sign that someone is scanning your site, trying to see if you have left SQL dumps, or use old plugins that have known security problems. If these scripts find your website, they then have a way in. So, not an error – there are scripts trying to visit those URLs.

    The scripts you are referring to are from an old version of your website. Everything is archived – try visiting your site via https://web.archive.org/ and check out an old version, you can see all kinds of 404 errors from missing .css, .js, etc.

    So these URLs used to exist, now they no longer live – means they create a 404. Why these old pages are still visited, don’t know.

    Also, those urls/images that you do not understand where are coming from, here are two examples of missing images on your website:

    /wp-content/uploads/2016/07/idiot.jpg is missing from this page:
    /incall-rates-idiots/

    /wp-content/uploads/2016/06/10YearsLogo-Optimized-e1466371053735.jpg is missing from these 4 pages:

    /desperado-number-blocking/
    /interview-etiquette/
    /incall-rates-idiots/
    /ratings-and-reviews/

    If you go visit those pages you can see the missing image for yourself – scroll down, they are in the “snippet-box”.

    So, to your assumption this plugin is a security hazard: No, you are wrong. Have a nice day.

    Thread Starter steveraven

    (@steveraven)

    Ahhh right – those four blog posts are old ones and as we just started adding rich snippets, the profile for those posts got buggered up.

    So that’s those four sorted out then, or at least they WILL be after we had tea.

    Someone trying to scan the website to see if we’ve left SQL dumps, shouldn’t really come up as a 404 error – I leave iThemes Security to handle that one. Maybe these should be re-listed under ‘Other Issues’ or something?

    In reality, uploads shouldn’t come up as 404s either – even if they’re on buggered up blog posts. It just confuses the issue unless the 404 is a non-existent page.

    There’s also the Wordfence page codes that are taking the place of keywords. That’s a main priority to sort out, otherwise the Keywords widget is rendered useless.

    • This reply was modified 7 years ago by steveraven.
    Plugin Author cleverplugins

    (@cleverplugins)

    The purpose of the 404 module is to list missing content. Either from missing URLs or files from internal pages on your website, or visitors coming from external links.

    Let’s say for instance you had a URL “/oldpage/” which you then delete.

    You no longer link to it anywhere on your site, but a friend of yours is linking to it from his website. Someone clicks the link (or a crawler) and goes to your site to /oldpage/. This error will show up on the list, letting you know you need to redirect or get the link changed.

    There is no practical way to identify what 404 errors show up from vulnerability scans vs. previously mentioned /oldpage/ except maintaining a huge list of known URLs and then cross-reference this.

    This could be a feature added in the future, but far outside the scope of the 404 module and the main purpose of this plugin.

    Missing uploads -should- show up as 404 because when the file exists, it returns status code 200 (OK) – but when an image is missing an error page (404) is shown instead, meaning you have deleted the image or otherwise made a mistake. Again, the purpose of the module itself.

    If you check the logs in iThemes Security you will see missing images show up as 404 Detection notices also.
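
    An added example, not part of the original thread and not the plugin's code: a small triage pass that sorts 404 hits into the kinds discussed above (scanner probes, missing assets, plugin URLs, stale external links) by cross-referencing a pattern list, as the reply describes. The hostname, referers, bucket names and pattern list are assumptions; the request paths are the ones quoted in this thread.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "example.test"  # assumption: the site's own hostname

# Assumed, deliberately short pattern list built from the probe paths quoted in the thread.
PROBE_PATTERNS = [re.compile(p, re.I)
                  for p in (r"(^|/)sql\.php$", r"mysqldumper", r"^/msd/")]
# Query keys that mark a plugin's own request rather than site content.
PLUGIN_QUERY_KEYS = {"wordfence_lh"}


def classify_404(url, referer="", site_host=SITE_HOST):
    """Return a triage bucket for one 404 hit (URL plus optional referer)."""
    parts = urlsplit(url)
    # Plugin callback URLs are identified by their query string, not their path.
    if PLUGIN_QUERY_KEYS.intersection(parse_qs(parts.query)):
        return "plugin-url"
    # Paths nobody ever linked to, matching known probe names: a scan, not broken content.
    if any(p.search(parts.path) for p in PROBE_PATTERNS):
        return "scanner-probe"
    # Files under wp-content that no longer exist: fix the page that still references them.
    if parts.path.startswith("/wp-content/"):
        return "missing-asset"
    # A referer on another host means someone else still links to the old URL.
    ref_host = urlsplit(referer).hostname
    if ref_host and ref_host != site_host:
        return "external-link"
    return "missing-page"


def triage(hits):
    """Count hits per bucket for an iterable of (url, referer) pairs."""
    return Counter(classify_404(url, ref) for url, ref in hits)


# Constructed sample: paths come from the thread, referers are invented.
SAMPLE_404S = [
    ("/backup/sql.php", ""),
    ("/MSD/sql.php", ""),
    ("/MySQLDumper1.24.4stable/sql.php", ""),
    ("/wp-content/uploads/2016/07/idiot.jpg", "https://example.test/incall-rates-idiots/"),
    ("/wp-content/plugins/visual-form-builder/js/jquery.validate.min.js?ver=1.9.0", ""),
    ("/?wordfence_lh=1&hid=A2EF21618214A246352DD7A73F680204&r=0.7812811550461722", ""),
    ("/oldpage/", "https://friend.example/links.html"),
]

if __name__ == "__main__":
    for bucket, count in triage(SAMPLE_404S).most_common():
        print(f"{count:3d}  {bucket}")
```

    A pattern list like this only recognises probes it already knows about, so anything it does not match falls through to the content buckets and still needs a human look.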

    Thread Starter steveraven

    (@steveraven)

    Ok, I can go with some of that – and any 404s that come through Google are redirected as soon as I get notice of them.

    The matter of the Keywords widget though remains –

    If someone uses /?wordfence_lh=1&hid=A2EF21618214A246352DD7A73F680204&r=0.7812811550461722 to search for my site content they would get sent straight to a blank Wordfence code page.

    Then again, no-one is going to be daft enough to search for /?wordfence_lh=1&hid=A2EF21618214A246352DD7A73F680204&r=0.7812811550461722 really, and if they did – and Google warned that it was 404-ing, it would get redirected.

    So why does the keywords Widget place some outlandish search text (believe it or not, something like – dominant fems in latex) with the aforementioned wordfence code used as the anchor text, to which the user gets taken to on clicking?

    • This reply was modified 7 years ago by steveraven.
    Plugin Author cleverplugins

    (@cleverplugins)

    Hi Steven

    This should no longer be an issue as of the 3.3.15 release currently being deployed. It should be available shortly.

    FYI – A recent version also introduced a setting to turn off 404 monitoring entirely.

    Please let me know if the problem persists.

I got a lot of these 404s on my site too.

I have no clue how Above the Fold plays into this, because I do not have this plugin installed on my site.


    landing page >> /abtf-pwa-config.json?1523894407 (#2)
    referer >> https://idiamondsjewelry.com/abtf-pwa.js?path=%2f
    —-

    Plugin Author cleverplugins

    (@cleverplugins)

    Hello chealyte

    Thank you for your example, I have added this to the next release of the plugin. I will keep this ticket open and close it once I have released the new version. Feel free to add more examples of URLs that should be filtered out.

  • The topic ‘Weird 404 Errors’ is closed to new replies.