Site Lockout Notification Generated Daily at 3:50am
-
I’m using the free version of iThemes Security (among other security plugins) on the website I built for the local small business where I work. Every day at approximately 3:50am EST (sometimes it’s 3:51, sometimes it’s 3:49, you get the idea) I get a site lockout notification email with an IP address and the message “too many attempts to access a file that does not exist.” I’ve checked the IP addresses listed and they come from different places (the most recent three were in San Jose, then two from the Seattle area, then one from DC) but the ISP is always listed as Microsoft Corporation. (I can post some screen shots or other info about the IP addresses if that would be helpful.) I don’t know enough to know what this indicates is happening. Is someone trying to hack the site every day at 3:50am? Or is it a Microsoft search engine bot looking for something? I can add the IP addresses to the ban list, but that is reactive and if something bad is happening I’d like to be proactive if possible.
-
Hello,
I just randomly came across this. It is highly unlikely that there is any specific intent behind these. I see them all the time on numerous websites I run for people.
These are just bots that are randomly searching in their “list”. The list might be previously compromised sites, but is most likely just tens of thousands of IP’s in sequential order.
They are looking for pages or files on websites that are either known infected pages OR pages that are known to have vulnerabilities. If one of the pages exist then the bot will log that information and that will be used by whomever initiated this to try and hack the site.
Since the page(s) do not exist on your site are OK.
I find these types of notifications rather annoying. There is not much that can really be done in my opinion.
- The topic ‘Site Lockout Notification Generated Daily at 3:50am’ is closed to new replies.
