• Resolved david2432

    (@david2432)


    My SEO plugin generates many logs in 404 monitor. Most of them are from xmlrpc.php with user agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)MSIE 6.0 (this is not mine) and with an empty referrer; others are coming from https://site.ru in mysite.com/cache/wp_asx.php.
    I have completely blocked WP XML-RPC and Pingback in firewall settings (also blocked Access to debug.log File), hardened user login feature and added site.ru to blocked user agents list…
    What else should I do?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, have you enabled one of the Brute Force features like Rename Login Page?

    Thank you

    Thread Starter david2432

    (@david2432)

    No. Is that necessary? Could you tell me please what is wp_asx.php?! Can’t find any info about it…
    Also, is enabling both: WP XML-RPC and Pingback a good idea? Maybe the first one already includes the second!?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    > No. Is that necessary?

    Yes, it will help you very much.

    > Could you tell me please what is wp_asx.php?! can’t find any info about it…

    That file is located in your cache folder.

    > Also, is enabling both: WP XML-RPC

    You only need to enable one of the two options.

    > and Pingback good idea?

    Yes it is a good idea.

    Kind regards

    Thread Starter david2432

    (@david2432)

    I agree, this cookie based prevention is a good feature, but, how can I know if my theme or plugins use Ajax, should I write and ask all of them?!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I think your best option is to find out where this file wp_asx.php comes from. Do you know if your site has been compromised?

    Thank you

    Thread Starter david2432

    (@david2432)

    I did scan it, and it does not seem to be compromised. After some modifications I don’t see wp_asx.php in logs anymore, though it might reappear.
    Currently my main concern is that I see many xmlrpc logs in the 404 monitor of my SEO Rank Math plugin. It also logs user agents, and those user agents start with “Mozilla 4…”, which seems to be an outdated version of Firefox; not sure what this could mean… I have also enabled monitoring 404 in Aiowps and it does not show these. Rank Math has the option to ignore “query parameters” in its 404 settings. I turned it now to ignore and will see if xmlrpc will still appear.
    My question above was about one of the Aiowps functions, “Check this if your site uses AJAX functionality”, which is found when turning on brute force protection as you suggested. I have several plugins but don’t know which of them use Ajax.
    Also, could you tell me if 404 logs in Aiowps are deleted automatically after some period of time?!
    Thank you and sorry if I am asking too many questions.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    > Also, could you tell me if 404 logs in Aiowps are deleted automatically after some period of time?!

    You will need to delete the log entries if they get too big.

    Let me know if you need more information or help.

    Thank you

    Thread Starter david2432

    (@david2432)

    Just interesting for the info: my 404 logs show the IPs: 77.202.57.169, 72.51.113.82 and 66.249.65.247.
    About the first two – 77.202.57.169 and 72.51.113.82 – I found them on the website abuseipdb.com, where other users are also reporting the same XMLRPC/wp-login.php attacks similar to mine. Here are the links:
    https://www.abuseipdb.com/check/77.202.57.169
    https://www.abuseipdb.com/check/72.51.113.82
    The third IP – 66.249.65.247 – seems to be a Google search spider. Why this appears in 404 I still don’t know.
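
Added example, not part of the thread and not code from any plugin mentioned in it: a small Python triage of 404-monitor entries like the ones described above, grouping the reasons an entry deserves a closer look by source IP. The CSV column layout, the sample rows, the IP addresses and the reason labels are constructed for illustration and are not Rank Math's or Aiowps's export format.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the column layout is an assumption for this example.
SAMPLE = """\
uri,referrer,user_agent,ip
/xmlrpc.php,,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",203.0.113.10
/xmlrpc.php,,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",203.0.113.10
/wp-login.php?action=register,,Mozilla/5.0,203.0.113.10
/cache/wp_asx.php,https://site.ru,Mozilla/5.0,198.51.100.7
/old-post/,,"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",192.0.2.44
"""

AUTH_ENDPOINTS = ("/xmlrpc.php", "/wp-login.php")
LEGACY_UA_TOKENS = ("MSIE 6.0", "Windows NT 5.0")


def classify(row):
    """Return the set of reasons a single 404 entry deserves a closer look."""
    path = row["uri"].split("?", 1)[0].lower()  # ignore query parameters
    reasons = set()
    if path.endswith(AUTH_ENDPOINTS):
        reasons.add("auth-endpoint")
    # A long-retired browser string with no referrer is typical of scripted clients.
    if not row["referrer"] and any(t in row["user_agent"] for t in LEGACY_UA_TOKENS):
        reasons.add("legacy-ua-no-referrer")
    # A request for a PHP file under a cache directory: check whether it exists on disk.
    if path.endswith(".php") and "/cache/" in path:
        reasons.add("php-in-cache-dir")
    return reasons


def triage(text):
    """Aggregate reasons per source IP; IPs with no flagged entries are omitted."""
    per_ip = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        for reason in classify(row):
            per_ip[row["ip"]][reason] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()}


if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE).items()):
        print(ip, reasons)
```

An entry whose user agent claims to be Googlebot is not classified here; confirming that claim needs a reverse and forward DNS lookup, which this offline example leaves out.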

  • The topic ‘xmlrpc and site ru in 404 logs’ is closed to new replies.