Information on exploit scanners
Posted: 19 Aug 2015, 09:33
Hi,
I use a wordpress website with the plugin Visitor Maps. The plugin points out the visitors IPs and which webpage they accessed. It is also listing exploit scanners that are looking for certain files inside the website directories, for instance:
/wp-content/themes/(theme-name)/(subfoldername)/css/loading.gif
/wp-content/plugins/newsletters-lite/css/jquery-countdown.css
There is no loading.gif in the CSS folder and in the second case, the newsletters-lite plugin is not and has never been installed in this server. However, I noticed in other cases that those scanners tried to access files that actually exist in my website install. This poses a serious risk.
The IPs originating those access are not related to visitors that usually visit my website. What I am doing is to add manually those IPs to the CSF blacklist. This is time consuming and also risky because depends on manual work that is not done at the same time the scanner tries an unautorized access to a file.
Is there any way to configure CSF to block those scanners and/or to detect them and automatically add their IPs to the black list?
Any advice is welcome.
I use a wordpress website with the plugin Visitor Maps. The plugin points out the visitors IPs and which webpage they accessed. It is also listing exploit scanners that are looking for certain files inside the website directories, for instance:
/wp-content/themes/(theme-name)/(subfoldername)/css/loading.gif
/wp-content/plugins/newsletters-lite/css/jquery-countdown.css
There is no loading.gif in the CSS folder and in the second case, the newsletters-lite plugin is not and has never been installed in this server. However, I noticed in other cases that those scanners tried to access files that actually exist in my website install. This poses a serious risk.
The IPs originating those access are not related to visitors that usually visit my website. What I am doing is to add manually those IPs to the CSF blacklist. This is time consuming and also risky because depends on manual work that is not done at the same time the scanner tries an unautorized access to a file.
Is there any way to configure CSF to block those scanners and/or to detect them and automatically add their IPs to the black list?
Any advice is welcome.