Channel: WordPress.org Forums » All Topics

Attacker has whitelisted a parameter without being an admin?

Replies: 0

Hello – I’m dealing with a very curious issue here. In my Wordfence > Firewall settings, under “Whitelisted URL’s” I am seeing a whitelisted URL that looks like this:

| URL | Param | Created | Source | User | IP | Action |
|---|---|---|---|---|---|---|
| /wp-admin/options-general.php | request.body[ad_code_bottom_1] | 12/14/2016, 9:54:21 AM | Whitelisted while in Learning Mode. | MY ADMIN ACCOUNT | MY IP ADDRESS | |
| /wp-admin/admin-ajax.php | request.fileNames[files][0] | 12/17/2016, 3:01:27 AM | Whitelisted while in Learning Mode. | – | 89.248.172.121 | |

The first parameter is my own whitelist action.

I would like to call attention to the second parameter. I did not at any time specify that the “request.fileNames[files][0]” parameter be whitelisted on my site, but it seems as if the attacker (89.248.172.121) has whitelisted it himself. How is this possible? I absolutely do not want users to be able to add whitelisted URLs.

Additionally, look at this report to see how notorious this URL is in terms of attacking WP sites: https://www.abuseipdb.com/check/89.248.172.121

Thoughts?

~ BT

