• Hi all,

    I run a multisite setup and have had a handful of the following in my logs in the past 24 hours. Is this someone trying to recover a lost password or something more sinister?

    The IP looks suspicious to me.

    
    Aug 11 18:12:11 hawking.trisect.uk changelog.log: 85.25.185.175 - - [11/Aug/2018:18:12:11 +0100] "GET /user/password?name[%23post_render][0]=printf&name[%23markup]=ABCZ%0A HTTP/1.1" 404 16141 "-" "Python-urllib/2.7"
    

    Should I let this go or drop the IP on the firewall?

    Thanks for looking

    • This topic was modified 6 years, 7 months ago by Jan Dembowski. Reason: Move to Fixing WordPress where it belongs
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Looks to me like someone probing your site. If it continues, take the iptables route or use a plugin like WordFence to automatically block such things.
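
On telling a password-reset request from a probe: the following added example (not part of the original thread) flags access-log requests whose decoded parameter names carry a `#`-prefixed array sub-key, as in the quoted line. Such keys are Drupal render-array properties, which a WordPress password reset does not send. The function names and the two benign sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format fields: client IP, request line, status, user agent.
# search() is used so a syslog prefix in front of the entry is skipped.
LOG_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
# A bracketed sub-key starting with '#', e.g. name[#post_render][0].
HASH_KEY_RE = re.compile(r'\[#\w+\]')

def suspicious_keys(target):
    """Return decoded query parameter names containing a '#'-prefixed sub-key."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, _ in pairs if HASH_KEY_RE.search(name)]

def scan(lines):
    """Map client IP -> list of (HTTP status, flagged parameter names)."""
    hits = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        keys = suspicious_keys(m.group("target"))
        if keys:
            hits.setdefault(m.group("ip"), []).append((int(m.group("status")), keys))
    return hits

SAMPLE = [
    # The line quoted in the post above.
    'Aug 11 18:12:11 hawking.trisect.uk changelog.log: 85.25.185.175 - - [11/Aug/2018:18:12:11 +0100] "GET /user/password?name[%23post_render][0]=printf&name[%23markup]=ABCZ%0A HTTP/1.1" 404 16141 "-" "Python-urllib/2.7"',
    # Constructed benign lines: a WordPress lost-password request, and a
    # search where '#' appears only in a value, which must not be flagged.
    '192.0.2.10 - - [11/Aug/2018:18:13:02 +0100] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Aug/2018:18:14:40 +0100] "GET /?s=c%23+tutorial&tags[]=news HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        for status, keys in found:
            print(ip, status, keys)
```

The 404 status recorded in the quoted line means the requested path did not exist on that site.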
