403 with admin-ajax.php?_fs_blog_admin=true
-
With this plugin I am encountering random 403 when accessing admin pages:
# rg _fs_blog_admin=true | grep -cw 403
9# rg _fs_blog_admin=true | grep -w 403
access-wordpress.log:93.56.x.x – – [11/Aug/2019:11:43:22 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:29:28 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:34:29 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:39:30 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:44:31 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:49:32 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:54:34 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:59:35 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:10:15:43 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”In the same timeframe, the corresponding IPs are logged in and do not encounter any problems when using the administrative area of WordPress:
403 is the second hit, after that there is a 200:
1575:93.56.x.x – – [11/Aug/2019:11:42:25 +0000] “GET /wp-admin/admin-ajax.php?action=blc_dashboard_status&random=0.7248542563550722&_fs_blog_admin=true HTTP/2.0” 200 201 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
1577:93.56.x.x – – [11/Aug/2019:11:43:22 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
1580:93.56.x.x – – [11/Aug/2019:11:44:26 +0000] “GET /wp-admin/admin-ajax.php?action=blc_dashboard_status&random=0.4630210098776505&_fs_blog_admin=true HTTP/2.0” 200 201 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
1587:93.56.x.x – – [11/Aug/2019:11:46:27 +0000] “GET /wp-admin/admin-ajax.php?action=blc_dashboard_status&random=0.6353487338287&_fs_blog_admin=true HTTP/2.0” 200 201 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
1591:93.56.x.x – – [11/Aug/2019:11:47:38 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 200 87 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”403 interleaved with 200:
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:28:12 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 200 107 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:29:28 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 403 22 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”
access-wordpress.log.1:93.35.x.x – – [10/Aug/2019:09:30:11 +0000] “POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/2.0” 200 67 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0”Clearly, _fs_blog_admin is something that comes from this plugin:
wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/config.php
wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/class-freemius.phpIs there something I am missing? Why do I encounter these random 403?
- The topic ‘403 with admin-ajax.php?_fs_blog_admin=true’ is closed to new replies.
