0815noname
Hi Dave,
Thank you for your fast reply and your recommendation.
I was checking our weekly Wordfence report after I had posted that. I was looking for IP addresses from Switzerland (because it looks odd to me to have blocked IP addresses from Switzerland, while other countries such as China, India etc. are usual). And there were more such entries. Most block counts last week had the IP address from my host, but there were others:
#1 2a00:d70:0:b:2002:0:d91a:3755 // Switzerland // 979
#2 45.55.41.191 // United States // 60
#3 120.27.6.97 // China // 21
#4 2a02:1206:458a:3d40:106b:69f8:11d7:f21a // Switzerland // 11
#5 2a02:120b:7fc:ff50:56d:9d09:65d4:2de5 // Switzerland // 8
#6 2400:6180:0:d1::827:1001 // Singapore // 7
#7 2400:6180:100:d0::19f8:2001 // India // 6
#8 2001:8d8:965:2be5:a330:d16d:4548:0 // Germany // 6
#9 2a02:120b:2c69:aed0:5cf1:8abb:6513:d7be // Switzerland // 6
#10 2a03:b0c0:1:e0::4dc:a001 // United Kingdom // 6
Filtering the IP addresses in Live Traffic Advanced Filters, most wordfence_syncAttackData and wp-cron.php were from IP #1 (as in my previous post), #4 showed no result, and #5 and #9 showed the following results:
Stans, Switzerland left https://mydomain/kontakt/ and was blocked for UA/Referrer/IP Range not allowed at https://mydomain/?wordfence_syncAttackData=1568230128.9357
23.9.2019 19:43:44 (1 day 13 hours ago)
IP: 2a02:120b:2c69:aed0:5cf1:8abb:6513:d7be
Human/Bot: Human
Browser: Chrome version 0.0 running on Android
Mozilla/5.0 (Linux; Android 9; SM-T830) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Lucerne, Switzerland left https://mydomain/anmeldung/ and was blocked for UA/Referrer/IP Range not allowed at https://mydomain/?wordfence_syncAttackData=1568236314.5902
23.9.2019 11:30:23 (1 day 22 hours ago)
IP: 2a02:120b:7fc:ff50:56d:9d09:65d4:2de5
Human/Bot: Human
Browser: Chrome version 0.0 running on Android
Mozilla/5.0 (Linux; Android 7.1.1; SAMSUNG SM-T550) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/10.1 Chrome/71.0.3578.99 Safari/537.36
At the moment, Live Traffic is showing wordfence_syncAttackData and wp-cron.php every few seconds from IP #1; the HTTP response is 503.
I am not sure about whitelisting our host IP. Is there an attack ongoing, or what do you think?
Thank you for coming back to me.