Post ?wordfence_syncAttackData

  • Resolved WPfanAR

    (@wpfanar)


    1 year, 6 months ago

    Hello, since yesterday we received +500 requests ?wordfence_syncAttackData at Wordfence Central.

    “Block IPs who send POST requests with blank User-Agent and Referer ” is enabled since always…

    WP core, plugins, and themes updated to last versions.

    Is there something we need to change?

    Information:

    Rosario, Argentina era bloqueado por Solicitud POST recibida con el agente de usuario y referente en blanco en https://********.com.ar/?wordfence_syncAttackData=1695229799.8687
    20/9/2023 14:09:59 (36 seconds ago)
    IP: 2800:6c0:2::95
    Humano/Bot: Bot
    WordPress/6.3.1; https://********.com.ar/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfmark

    (@wfmark)

    Hi @wpfanar, thanks for reaching out.

    Wordfence runs the wordfence_syncAttackData script to ensure malware signatures and rules are up-to-date with the latest ones we have released and to update the Live Traffic page. Usually, 403 or 503 blocks by the firewall trigger the need to sync, so seeing syncAttackData triggered with one of these HTTP error codes is expected.

    If you start seeing these requests excessively, your server’s IP address may be blocked. I recommend checking your Wordfence > Tools > Diagnostics page to see if you’re getting any errors under the Connectivity section> Connecting back to this site.

    Let me know what you find.

    Thanks,

    Mark.

    Thread Starter WPfanAR

    (@wpfanar)

    Hello Mark, thanks for your reply. In order to avoid this situation I deactive option “Block IPs who send POST requests with blank User-Agent and Referer”

    Regards, Myriam

    Plugin Support wfmark

    (@wfmark)

    Hi @wpfanar ,

    Thank you for getting back to us.

    Typically, the Block IPs who send POST requests with blank User-Agent and Referer option is one we recommend keeping enabled. You can see our documentation on that here: https://www.wordfence.com/help/firewall/brute-force/#block-blank-post

    Let us know if you’d like to look at the diagnostics to see if anything stands out going forward.

    Thanks,

    Mark

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Post ?wordfence_syncAttackData’ is closed to new replies.