superacecasino,free online casino games com.Recharge Every day and Get Bonus up-to 50%!

Forum Replies Created

Viewing 1 replies (of 1 total)

Forum: Plugins
In reply to: [WP Cerber Security, Anti-spam & Malware Scan] Google Bot is blocked – Malicious request denid
nicholasvad
(@nicholasvad)

5 years, 1 month ago
Very suspicious url requests – apparently from googlebot
What is so suspicious about these url requests (just below) is that:
- They use the non-standard directory mysite.com/content/…
  The standard folder is /wp-content/…
  That makes me think it can’t be from Google
- They are for plugins I don’t have, and the folders clearly cannot exist
Although the IP address is apparently owned by Google when I click for more detail, what sort of crawler program searches for directories which are completely non-standard?
If this really is from Google, maybe you could contact them, Gioni to say that these requests seem very odd? I tried replying to the network-abuse email listed, but I haven’t had a reply, and maybe you will have more clout than I do, Gioni?
If these IP addresses are not being used by legitimate Google crawlers, then they are malicious and should be blocked. I’m not completely sure, and I haven’t been blocking them, but I am suspicious.

XXX.YYY.65.227 crawl-XXX-YYY-65-227.googlebot.com 14/01/2020, 10:20 am Malicious request denied IP address is locked out URL: mysite.com/content/plugins/gravityforms/js/placeholders.jquery.min.js

XXX.YYY.65.226 crawl-XXX-YYY-65-226.googlebot.com 14/01/2020, 10:20 am Malicious request denied IP address is locked out URL: mysite.com/content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css

googleusercontent clearly malicious
I also saw an Internet request from an IP address with a server name including ‘googleusercontent’. I have not been blocking them for the same reason that everyone else has been cautious – I don’t want to block a Google crawler. However I saw four different IP addresses making the same request – which is clearly malicious.

The point I take away is that just because someone puts ‘google’ in the server name, it doesn’t mean that really is from Google.

XXX.YYY.126.206 mail.aris-vn.com 14/01/2020, 5:05 pm Probing for vulnerable PHP code Denied URL: mysite.com/adm.php

XXX.YYY.153.39 ip-XXX.YYY-153-39.ip.secureserver.net 14/01/2020, 4:24 pm Probing for vulnerable PHP code Denied URL: mysite.com/adm.php

XXX.YYY.172.3 3.172.YYY.XXX.bc.googleusercontent.com 14/01/2020, 2:34 pm Probing for vulnerable PHP code Denied URL: mysite.com/adm.php

XXX.YYY.193.48 sh4-1.1blu.de 14/01/2020, 2:24 pm Probing for vulnerable PHP code Denied URL: mysite.com/adm.php

Viewing 1 replies (of 1 total)