oscarly

Forum Replies Created

Viewing 1 replies (of 1 total)
  • Thread Starter oscarly

    (@oscargomezpagelycom)

    Thanks @amagsumov !

    If it’s of any help: We observed the same behavior on a clean WP installation, with only the akismet & cleantalk-spam-protect plugins active.

    Then activating the cleantalk-spam-protect plugin with [Get Access Key Automatically].

    While this was going on, we printed out the $unzipped_content variable, which its value was set to:

    
0,"(.*)",1

    Along with the access logs, some requests like below were automatically coming in:

    
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct&test=test HTTP/1.1" 200 536 "APBCT-wordpress/5.160; https://example.com"
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct&test=test HTTP/1.1" 200 573 "APBCT-wordpress/5.160; https://example.com"
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct HTTP/1.1" 200 0 "APBCT-wordpress/5.160; https://example.com"
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct&test=test HTTP/1.1" 200 536 "APBCT-wordpress/5.160; https://example.com"
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct HTTP/1.1" 200 0 "APBCT-wordpress/5.160; https://example.com"
GET /?spbc_remote_call_token=[TOKEN]&spbc_remote_call_action=sfw_update__worker&plugin_name=apbct&test=test HTTP/1.1" 200 573 "APBCT-wordpress/5.160; https://example.com"

    (Not all that familiar with the plugin or those requests, but wondering if that’s firing the update( function hooks. Causing the TRUNCATE TABLE wp_cleantalk_ua_bl sql queries.)

Viewing 1 replies (of 1 total)