Security question

Hackers do specific searches like that through the browsers URL text box to find weak spots. This is noted more when your list of plugins do not include “CKEditor for wordpress”.

I get that stuff all the time.

What they are searching for are known hacks or open doors caused by poor plugins or poorly coded script files.

This actually helps you identify a bad plugin and makes the mark that it is time to get rid of it if you have that plugin.

Block Hacker Access Requests
You can insert a block to this kind of queries in WordFence.

1.WordFence > Firewall > Advanced Firewall Options
– go to, “Immediately block IPs that access these URLs”,
– enter into the text box the URL that the hacker used to access your site, one entry per line,
– save
You can read more here: https://www.wordfence.com/help/firewall/options/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#immediately-block-urls – see “Immediately block IPs that access these URLs”

2.WordFence > Firewall > Rate Limiting
– ensure this is “On”
– check “Immediately block fake Google crawlers”,
– go to “How long is an IP address blocked when it breaks a rule” and choose how long you want that violator locked out.
– then save.

Hope that helps.

(fixed the spelling in your tags below)

Hi @neptun,

I did some snooping on your site and found that your website links to it:

https://neptunet.net/2014/10/26/windows-10-tulossa-onko-se-parempi-kuin-win-8/

Can you edit this page and remove the references to https://neptunet.net/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/smiley/images/teeth_smile.png?

Dave

(Hey Dave, when tending to all the posts here, and you get tired, remember not to slip with the keyboard and mistakenly put a “t” between the “w” and “f”. ?? )

Wanted to ask, is there anything to be mindful off when carrying out what I suggested above??

@neptun
Dave refers to this paragraph, it seems like a hidden image. This is the paragraph,

Milt? Windows 10 sitten n?ytt?? ja mit? perustoimintoja siin? on? Siit? saa tavallinenkin k?ytt?j? jonkinlaisen tiedon julkisuuteen saatettujen kuvien, videoiden ja tietojen avulla. T?m?n artikkelin otsikkokuvana on uuden Windows 10 ty?p?yt?n?kym?, klikkaa kuva n?kyv?ksi. Artikkelin lopussa on my?s Microsoftin video Win 10 olemuksesta ja k?yt?st? (kyll? sit?kin puolta esitet??n kun malttaa kehujen lis?ksi katsoa pitemm?lle laugh )

It is near the bottom of the article. Highlight the entire paragraph, then right click it and click “View selection source” (in FireFox).

Hi @mwarbinek,

Haha, I’ll be sure to be mindful of typos! ??

As for your suggestions, it looks like it’s solid! It covers how to block someone if they’re repeated accessing the URL maliciously.

However, in this situation, one of the pages on his site links off to a 404 page. Blocking anyone if they access teeth_smile.png would be blocking off legitimate traffic.

Dave

Hello all! You’re great.

That was the problem at least with human users. Those post witches, of which Dave put the example, are old. An example of an article from 2014. That time was Ckeditor in use and typos are from it. I will examine all old post to find all wrong smileys.

Thank you very much for your fine support work!

Hi again,

I forgot to mention that the bot users may also face the same issues due to caching. Sites like waybackmachine may have a previous version of those pages saved, so when they try to fetch images from that page, it will result in 404 connections to your site.

For this reason, I wouldn’t recommend blocking users that attempt to access that URL.

Dave

@neptun
Another suggestion… “If” the old post at issue has a different author, I would reset their password. It is possible that the users credentials may have been compromised?

OK, the thing is in the care when the cause came out. You know, all of those smileys aren’t in the articles. Most of them appear in the comments, and there are a lot of them, oops!

Thanks again!

https://www.nice1.ga