I have a WordPress site hosted which is experiencing some kind of attack. My hosting stats show that my account has consumed 4GB of bandwidth in just 20 days. After some digging I found out that there have been more than 15,000 visits to my website in just a few weeks. I checked my logs and found a pattern of GET requests. Thousands of IPs are making a GET request on the following URLs:
1) /using-joomla/extensions/components/users-component/registration-form.html?layout=complete
2) /using-joomla/extensions/components/users-component/login-form.html
3) /?option=com_users&view=profile&layout=edit
4) /europe-tours/item/23-praesent-viverra-nisl-eu-enim-mollis-interdum.html
None of these URLs exist on my website.
I also installed a security plugin which shows my website as a referer to all these URLs. I have no idea what is going on, so some help will be highly appreciated.
Your domain is just being scanned for known vulnerabilities.
The server will usually respond with a 404 and the bot should give up. Such traffic shouldn't consume too much bandwidth, since the bot would either send a HEAD or simply a GET to that URL. It all depends on how heavy your 404 response is.
If you don't want to receive visits from these IP addresses anymore, simply block the requests either at web server level or at network interface level.
You can do a simple test to see the size in bytes of one of those requests and then see if this is the real cause of your 4GB spike in bandwidth usage.
In a terminal run curl with -s (silent), -o to write the output to /dev/null, and print out the size_download variable. It should give you a value, which is the size in bytes of your 404 page. Multiply by 15000 to get the total size in bytes of all the requests.
Transform to GB and compare with the spike.
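The check described in this answer, written out as an added example (not part of the original answer). The host `example.com` is a placeholder, the function names are hypothetical, and also counting response headers via curl's `size_header` goes slightly beyond the answer, which measures only `size_download`.

```shell
#!/bin/sh
# Added example: estimate how much of a bandwidth spike scanner 404s can explain.
# Usage (placeholder host): ./estimate.sh https://example.com/using-joomla/extensions/components/users-component/login-form.html 15000 4

# Print "<header_bytes> <body_bytes>" for one GET of the given URL.
# size_header and size_download are curl --write-out variables.
measure_response() {
    curl -s -o /dev/null -w '%{size_header} %{size_download}\n' "$1"
}

# total_bytes <bytes_per_response> <request_count>
total_bytes() {
    awk -v b="$1" -v n="$2" 'BEGIN { printf "%.0f\n", b * n }'
}

# bytes_to_gb <bytes>   (1 GB taken as 1024^3 bytes)
bytes_to_gb() {
    awk -v b="$1" 'BEGIN { printf "%.2f\n", b / (1024 * 1024 * 1024) }'
}

# share_of_spike <total_bytes> <spike_gb>: percent of the spike explained
share_of_spike() {
    awk -v t="$1" -v s="$2" \
        'BEGIN { printf "%.1f\n", 100 * t / (s * 1024 * 1024 * 1024) }'
}

# Only touch the network when a URL is passed on the command line.
if [ -n "${1:-}" ]; then
    url=$1
    requests=${2:-15000}   # visit count from the question
    spike_gb=${3:-4}       # bandwidth figure from the question

    sizes=$(measure_response "$url")
    hdr=${sizes% *}
    body=${sizes#* }
    per_response=$((hdr + body))

    total=$(total_bytes "$per_response" "$requests")
    echo "one response: ${hdr} header + ${body} body bytes"
    echo "x ${requests} requests = ${total} bytes ($(bytes_to_gb "$total") GB)"
    echo "share of ${spike_gb} GB spike: $(share_of_spike "$total" "$spike_gb")%"
fi
```

If the share comes out small, the scanner 404s are not the main cause of the spike and the heavy traffic is somewhere else in the logs.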