Bot using Regix (.*) when scanning site

  • Resolved alissit

    (@alissit)


    4 years ago

    I have a bot landing on a client site using https://clientwebsite.com/(.*) (This site is running strict SSL)
    It’s hitting every page/post/CPT with the regix expression tagged on to the end.

    I’ve not seen this before. Is normal behaviour or should I block it?
    It’s the same IP address, but no reports of it being blacklisted anywhere.

    The IP address is actually coming from the same network that my clients IP address is within.

    Suggestion?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @alissit thanks for reaching out to us to check this over.

    The (.*) syntax is actually more consistent with a URL rewrite rule as seen in .htaccess files rather than something that’d be appended to, or dangerous when accessing, a URL. However, I can’t rule out a vulnerability with wildcard (*) terms in a certain plugin where this bot is randomly hitting sites to see if they can exploit it. Often bots will randomly try sites based on known vulnerabilities without even checking for installed plugins, so there’s no certainty you even installed the plugin with the vulnerability they’re looking for.

    I simply recommend keeping your plugins and WordPress up-to-date, and try blocking the ‘offending’ IP if you’re receiving regular and unacceptable amounts of traffic attempting hits on these URLs.

    Thanks,

    Peter.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @alissit, I hope that pointed you in the right direction and you’re not having trouble related to this issue.

    If you need further assistance with Wordfence in the future, don’t hesitate to start a new topic and we’ll be glad to help you!

    Thanks again,

    Peter.

    Thread Starter alissit

    (@alissit)

    Thanks Peter!
    I didn’t see the reply until now. I’ll check out the htaccess files and server setup.
    We copied & moved the entire site from one domain & hosting to a new domain & hosting. It wasn’t happening on the previous set up, so most probably something to do with the new host & htaccess or server.

    Thank you very much!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bot using Regix (.*) when scanning site’ is closed to new replies.