Strange access to my WordPress blog
Hi,
I have a small blog with only +-200 pageviews per day.
Since a few weeks ago, I have noticed strange access to my WordPress blog, and the log files become very big. They can be thousands of MB in a few hours.
It accesses my blog at around 1-5 requests per second from different IPs. I'm not sure about the frequency as I can't measure it.
I use nginx & php5-fpm on Debian 6.
It is just my hobby blog with no ads (so I can't imagine any reason to attack my site).
I have tried to protect the wp-admin directory to only permit access from certain IPs, but it seems that my nginx conf is not right yet:
location /wp-admin/ { allow my.ip; deny all; }
Any suggestions?
Thanks in advance
Comments
Have you restarted nginx?
@giang
Yes
That method didn't work for me either. Here's how I solved it. At the end of the server block, after all other directives, put this:
Where the first IP addresses are the ones you want to connect from. That breaks you out of the last directive, which just says, if not its own IP address, rewrite all requests to wp-admin and wp-login.php.
What version of wp are you running? That's a very old hack from many years ago:
http://core.trac.wordpress.org/ticket/10841
Wondering if it's returned.
edit: This too: http://wordpress.org/support/topic/what-are-requests-for-wp-adminadmin-ajaxphp
@BuzzPoet
Thanks, I will try your solution
@drmike
It is the newest version of WP, maybe 3.2.1?
"It is where all ajax requests are delegated. It is not exclusive to logged in users." So, it is not a security issue?
If it is not a security issue, I am still annoyed with the excessive logging. It can distract me from real hacking attempts
@BuzzPoet
I have tried your solution.
With your solution, wp-admin can be restricted.
But visitors can't comment, even after I commented out your wp-comment-post rewrite
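Added example, not part of any post in this thread: one way to measure the request rate and see which paths and client IPs fill the access log, so the admin-ajax.php noise can be told apart from real login attempts. It assumes nginx's default "combined" log format; `summarize` and the sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter
from datetime import datetime

# nginx default "combined" log format is assumed; adjust for a custom log_format.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [12/Oct/2011:10:00:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.7 - - [12/Oct/2011:10:00:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.5 - - [12/Oct/2011:10:00:00 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 200 2100 "-" "-"',
    '192.0.2.10 - - [12/Oct/2011:10:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.9 - - [12/Oct/2011:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    'garbage line',
]

def summarize(lines, top=3):
    """Measure request rate and the busiest paths and client IPs."""
    ips, paths, per_second, skipped = Counter(), Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # malformed line: count it instead of crashing
            continue
        per_second[datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")] += 1
        ips[m["ip"]] += 1
        paths[m["path"].split("?", 1)[0]] += 1  # group by path, ignore query
    total = sum(ips.values())
    # Inclusive span in seconds between the first and last request seen.
    span = (max(per_second) - min(per_second)).total_seconds() + 1 if total else 0
    return {
        "requests": total, "skipped": skipped, "distinct_ips": len(ips),
        "avg_rps": round(total / span, 2) if span else 0.0,
        "peak_rps": max(per_second.values(), default=0),
        "top_paths": paths.most_common(top),
        "top_ips": ips.most_common(top),
    }

if __name__ == "__main__":
    # Pass an access-log path as the first argument, or run on the sample.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for key, value in summarize(source).items():
        print(f"{key}: {value}")
```

Many distinct IPs each sending only a few requests to the same path points to distributed traffic, which a per-IP allow/deny on /wp-admin/ will block but not stop from being logged.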