Continuous access in a short period of time from a suspicious IP address

Here’s a log of possible attacks or malicious scanning activity against the server.
Repeated attempts have been made to access WordPress-related files and directories (e.g. wp-includes, wp-content).
Access to certain PHP files such as upload_handler.php, classwithtostring.php and radio.php, as well as SSL certificate-related .well-known directories, has also been attempted.
What should I do?
What do you think the aim is?

critical
F, [2024-09-06T23:37:19.040507 #110] FATAL -- : [a5db8171-734e-44e2-983a-f91cea7acc7d]   
info
[a5db8171-734e-44e2-983a-f91cea7acc7d] ActionController::RoutingError (No route matches [GET] "/wp-includes/wp-includes/admin-bar.php"):
info
[a5db8171-734e-44e2-983a-f91cea7acc7d]   
info
I, [2024-09-06T23:37:19.426752 #110]  INFO -- : [1c321543-8528-475f-8825-386da7eac182] Started GET "/wp-includes/js/jquery/jquery.js" for 52.169.221.49 at 2024-09-06 23:37:19 +0000
critical
F, [2024-09-06T23:37:19.444479 #110] FATAL -- : [1c321543-8528-475f-8825-386da7eac182]   
info
[1c321543-8528-475f-8825-386da7eac182] ActionController::RoutingError (No route matches [GET] "/wp-includes/js/jquery/jquery.js"):
info
[1c321543-8528-475f-8825-386da7eac182]   
info
I, [2024-09-06T23:37:19.810390 #110]  INFO -- : [5870cd9c-2fcf-4fc8-a37a-98cfde241038] Started GET "/wp-content/uploads/upload_handler.php" for 52.169.221.49 at 2024-09-06 23:37:19 +0000
critical
F, [2024-09-06T23:37:19.812796 #110] FATAL -- : [5870cd9c-2fcf-4fc8-a37a-98cfde241038]   
info
[5870cd9c-2fcf-4fc8-a37a-98cfde241038] ActionController::RoutingError (No route matches [GET] "/wp-content/uploads/upload_handler.php"):
info
[5870cd9c-2fcf-4fc8-a37a-98cfde241038]   
info
I, [2024-09-06T23:37:20.182265 #110]  INFO -- : [3138b821-9e43-4498-a7ce-fba5028f6dfb] Started GET "/classwithtostring.php" for 52.169.221.49 at 2024-09-06 23:37:20 +0000
critical
F, [2024-09-06T23:37:20.184546 #110] FATAL -- : [3138b821-9e43-4498-a7ce-fba5028f6dfb]   
info
[3138b821-9e43-4498-a7ce-fba5028f6dfb] ActionController::RoutingError (No route matches [GET] "/classwithtostring.php"):
info
[3138b821-9e43-4498-a7ce-fba5028f6dfb]   
info
I, [2024-09-06T23:37:20.605120 #110]  INFO -- : [e02981a4-b515-4366-9dc1-7d7a8130a4ff] Started GET "/.well-known/acme-challenge/upfile.php" for 52.169.221.49 at 2024-09-06 23:37:20 +0000
critical
F, [2024-09-06T23:37:20.644342 #110] FATAL -- : [e02981a4-b515-4366-9dc1-7d7a8130a4ff]   
info
[e02981a4-b515-4366-9dc1-7d7a8130a4ff] ActionController::RoutingError (No route matches [GET] "/.well-known/acme-challenge/upfile.php"):
info
[e02981a4-b515-4366-9dc1-7d7a8130a4ff]   
info
I, [2024-09-06T23:37:21.024259 #110]  INFO -- : [9caac68c-a6a5-4ec8-a07e-0e52c7869bc6] Started GET "/.well-known/radio.php" for 52.169.221.49 at 2024-09-06 23:37:21 +0000
critical
F, [2024-09-06T23:37:21.031587 #110] FATAL -- : [9caac68c-a6a5-4ec8-a07e-0e52c7869bc6]   
info
[9caac68c-a6a5-4ec8-a07e-0e52c7869bc6] ActionController::RoutingError (No route matches [GET] "/.well-known/radio.php"):
info
[9caac68c-a6a5-4ec8-a07e-0e52c7869bc6]   
info
I, [2024-09-07T00:28:59.346898 #110]  INFO -- : [5a9a4053-a84b-4183-8ec2-00ce3dd95303] Started GET "//wp-content/plugins/fix/up.php" for 94.156.65.158 at 2024-09-07 00:28:59 +0000
critical
F, [2024-09-07T00:28:59.349770 #110] FATAL -- : [5a9a4053-a84b-4183-8ec2-00ce3dd95303]   
info
[5a9a4053-a84b-4183-8ec2-00ce3dd95303] ActionController::RoutingError (No route matches [GET] "/wp-content/plugins/fix/up.php"):
info
[5a9a4053-a84b-4183-8ec2-00ce3dd95303]   
info
I, [2024-09-07T00:43:33.870660 #110]  INFO -- : [14cf05a9-7d63-42f2-a177-5e56be36e75e] Started GET "/" for 43.128.110.17 at 2024-09-07 00:43:33 +0000
info
I, [2024-09-07T00:43:33.874286 #110]  INFO -- : [14cf05a9-7d63-42f2-a177-5e56be36e75e] Processing by HomeController#index as HTML
info
I, [2024-09-07T00:43:33.877038 #110]  INFO -- : [14cf05a9-7d63-42f2-a177-5e56be36e75e]   Rendered home/index.html.erb within layouts/application (Duration: 2.1ms | Allocations: 145)
info
I, [2024-09-07T00:43:33.921568 #110]  INFO -- : [14cf05a9-7d63-42f2-a177-5e56be36e75e]   Rendered layout layouts/application.html.erb (Duration: 46.7ms | Allocations: 3404)
info
I, [2024-09-07T00:43:33.922467 #110]  INFO -- : [14cf05a9-7d63-42f2-a177-5e56be36e75e] Completed 200 OK in 47ms (Views: 47.1ms | ActiveRecord: 0.0ms | Allocations: 3623)
info
I, [2024-09-07T01:17:16.890232 #110]  INFO -- : [11db1c54-808b-4b0d-b34e-fb0975ca8e44] Started GET "/" for 91.92.251.54 at 2024-09-07 01:17:16 +0000
info
I, [2024-09-07T01:17:16.894035 #110]  INFO -- : [11db1c54-808b-4b0d-b34e-fb0975ca8e44] Processing by HomeController#index as HTML
info
I, [2024-09-07T01:17:16.896643 #110]  INFO -- : [11db1c54-808b-4b0d-b34e-fb0975ca8e44]   Rendered home/index.html.erb within layouts/application (Duration: 2.1ms | Allocations: 145)
info
I, [2024-09-07T01:17:16.943601 #110]  INFO -- : [11db1c54-808b-4b0d-b34e-fb0975ca8e44]   Rendered layout layouts/application.html.erb (Duration: 49.1ms | Allocations: 3390)
info
I, [2024-09-07T01:17:16.944066 #110]  INFO -- : [11db1c54-808b-4b0d-b34e-fb0975ca8e44] Completed 200 OK in 50ms (Views: 49.7ms | ActiveRecord: 0.0ms | Allocations: 3618)
info
I, [2024-09-07T01:17:17.392700 #110]  INFO -- : [e8b0a5e9-736d-46bc-af4b-61ce5bd947f7] Started GET "//wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:17 +0000
critical
F, [2024-09-07T01:17:17.395093 #110] FATAL -- : [e8b0a5e9-736d-46bc-af4b-61ce5bd947f7]   
info
[e8b0a5e9-736d-46bc-af4b-61ce5bd947f7] ActionController::RoutingError (No route matches [GET] "/wp-includes/wlwmanifest.xml"):
info
[e8b0a5e9-736d-46bc-af4b-61ce5bd947f7]   
info
I, [2024-09-07T01:17:17.698656 #110]  INFO -- : [0e76975f-ef89-437f-b00d-c8d798b0a3fe] Started GET "//xmlrpc.php?rsd" for 91.92.251.54 at 2024-09-07 01:17:17 +0000
critical
F, [2024-09-07T01:17:17.729002 #110] FATAL -- : [0e76975f-ef89-437f-b00d-c8d798b0a3fe]   
info
[0e76975f-ef89-437f-b00d-c8d798b0a3fe] ActionController::RoutingError (No route matches [GET] "/xmlrpc.php"):
info
[0e76975f-ef89-437f-b00d-c8d798b0a3fe]   
info
I, [2024-09-07T01:17:18.106501 #110]  INFO -- : [0cf70779-54b4-4cf5-bd6a-fdaf00b8b358] Started GET "/" for 91.92.251.54 at 2024-09-07 01:17:18 +0000
info
I, [2024-09-07T01:17:18.107457 #110]  INFO -- : [0cf70779-54b4-4cf5-bd6a-fdaf00b8b358] Processing by HomeController#index as HTML
info
I, [2024-09-07T01:17:18.109659 #110]  INFO -- : [0cf70779-54b4-4cf5-bd6a-fdaf00b8b358]   Rendered home/index.html.erb within layouts/application (Duration: 1.2ms | Allocations: 225)
info
I, [2024-09-07T01:17:18.113907 #110]  INFO -- : [0cf70779-54b4-4cf5-bd6a-fdaf00b8b358]   Rendered layout layouts/application.html.erb (Duration: 5.5ms | Allocations: 3456)
info
I, [2024-09-07T01:17:18.114282 #110]  INFO -- : [0cf70779-54b4-4cf5-bd6a-fdaf00b8b358] Completed 200 OK in 7ms (Views: 6.3ms | ActiveRecord: 0.0ms | Allocations: 3674)
info
I, [2024-09-07T01:17:19.210431 #110]  INFO -- : [a9babf88-3c03-40f6-8d7e-bd8a6db258cb] Started GET "//blog/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:19 +0000
critical
F, [2024-09-07T01:17:19.212592 #110] FATAL -- : [a9babf88-3c03-40f6-8d7e-bd8a6db258cb]   
info
[a9babf88-3c03-40f6-8d7e-bd8a6db258cb] ActionController::RoutingError (No route matches [GET] "/blog/wp-includes/wlwmanifest.xml"):
info
[a9babf88-3c03-40f6-8d7e-bd8a6db258cb]   
info
I, [2024-09-07T01:17:19.589426 #110]  INFO -- : [1a12c393-a897-45bc-9997-5d4a97220002] Started GET "//web/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:19 +0000
critical
F, [2024-09-07T01:17:19.591669 #110] FATAL -- : [1a12c393-a897-45bc-9997-5d4a97220002]   
info
[1a12c393-a897-45bc-9997-5d4a97220002] ActionController::RoutingError (No route matches [GET] "/web/wp-includes/wlwmanifest.xml"):
info
[1a12c393-a897-45bc-9997-5d4a97220002]   
info
I, [2024-09-07T01:17:19.864623 #110]  INFO -- : [f4b75f34-74b7-427b-a47d-a97f20738e6d] Started GET "//wordpress/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:19 +0000
critical
F, [2024-09-07T01:17:19.866889 #110] FATAL -- : [f4b75f34-74b7-427b-a47d-a97f20738e6d]   
info
[f4b75f34-74b7-427b-a47d-a97f20738e6d] ActionController::RoutingError (No route matches [GET] "/wordpress/wp-includes/wlwmanifest.xml"):
info
[f4b75f34-74b7-427b-a47d-a97f20738e6d]   
info
I, [2024-09-07T01:17:20.147737 #110]  INFO -- : [2a82e813-1ce3-492f-8543-c34ebbfffc0a] Started GET "//website/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:20 +0000
critical
F, [2024-09-07T01:17:20.149957 #110] FATAL -- : [2a82e813-1ce3-492f-8543-c34ebbfffc0a]   
info
[2a82e813-1ce3-492f-8543-c34ebbfffc0a] ActionController::RoutingError (No route matches [GET] "/website/wp-includes/wlwmanifest.xml"):
info
[2a82e813-1ce3-492f-8543-c34ebbfffc0a]   
info
I, [2024-09-07T01:17:20.369560 #110]  INFO -- : [61db462a-3ee0-4d86-bde2-efa279f9493d] Started GET "//wp/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:20 +0000
critical
F, [2024-09-07T01:17:20.371701 #110] FATAL -- : [61db462a-3ee0-4d86-bde2-efa279f9493d]   
info
[61db462a-3ee0-4d86-bde2-efa279f9493d] ActionController::RoutingError (No route matches [GET] "/wp/wp-includes/wlwmanifest.xml"):
info
[61db462a-3ee0-4d86-bde2-efa279f9493d]   
info
I, [2024-09-07T01:17:20.566537 #110]  INFO -- : [f1666243-efa4-47f0-b85e-f83530fba2d9] Started GET "//news/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:20 +0000
critical
F, [2024-09-07T01:17:20.568761 #110] FATAL -- : [f1666243-efa4-47f0-b85e-f83530fba2d9]   
info
[f1666243-efa4-47f0-b85e-f83530fba2d9] ActionController::RoutingError (No route matches [GET] "/news/wp-includes/wlwmanifest.xml"):
info
[f1666243-efa4-47f0-b85e-f83530fba2d9]   
info
I, [2024-09-07T01:17:20.851443 #110]  INFO -- : [f9337afe-78a5-41cf-9823-90fea1520304] Started GET "//2020/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:20 +0000
critical
F, [2024-09-07T01:17:20.855210 #110] FATAL -- : [f9337afe-78a5-41cf-9823-90fea1520304]   
info
[f9337afe-78a5-41cf-9823-90fea1520304] ActionController::RoutingError (No route matches [GET] "/2020/wp-includes/wlwmanifest.xml"):
info
[f9337afe-78a5-41cf-9823-90fea1520304]   
info
I, [2024-09-07T01:17:21.133915 #110]  INFO -- : [b695efba-6b85-4efe-b0db-0a5c19d3717f] Started GET "//2019/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:21 +0000
critical
F, [2024-09-07T01:17:21.135771 #110] FATAL -- : [b695efba-6b85-4efe-b0db-0a5c19d3717f]   
info
[b695efba-6b85-4efe-b0db-0a5c19d3717f] ActionController::RoutingError (No route matches [GET] "/2019/wp-includes/wlwmanifest.xml"):
info
[b695efba-6b85-4efe-b0db-0a5c19d3717f]   
info
I, [2024-09-07T01:17:21.452355 #110]  INFO -- : [44467b14-3a0f-46e9-aa3a-8f16642f7b79] Started GET "//shop/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:21 +0000
critical
F, [2024-09-07T01:17:21.455188 #110] FATAL -- : [44467b14-3a0f-46e9-aa3a-8f16642f7b79]   
info
[44467b14-3a0f-46e9-aa3a-8f16642f7b79] ActionController::RoutingError (No route matches [GET] "/shop/wp-includes/wlwmanifest.xml"):
info
[44467b14-3a0f-46e9-aa3a-8f16642f7b79]   
info
I, [2024-09-07T01:17:21.648499 #110]  INFO -- : [26fcabe6-25e1-4dfc-991c-7cfdf3ffca86] Started GET "//wp1/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:21 +0000
critical
F, [2024-09-07T01:17:21.650816 #110] FATAL -- : [26fcabe6-25e1-4dfc-991c-7cfdf3ffca86]   
info
[26fcabe6-25e1-4dfc-991c-7cfdf3ffca86] ActionController::RoutingError (No route matches [GET] "/wp1/wp-includes/wlwmanifest.xml"):
info
[26fcabe6-25e1-4dfc-991c-7cfdf3ffca86]   
info
I, [2024-09-07T01:17:21.902142 #110]  INFO -- : [219335d3-58c4-4027-8f4c-fd4e5bacaca5] Started GET "//test/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:21 +0000
critical
F, [2024-09-07T01:17:21.904223 #110] FATAL -- : [219335d3-58c4-4027-8f4c-fd4e5bacaca5]   
info
[219335d3-58c4-4027-8f4c-fd4e5bacaca5] ActionController::RoutingError (No route matches [GET] "/test/wp-includes/wlwmanifest.xml"):
info
[219335d3-58c4-4027-8f4c-fd4e5bacaca5]   
info
I, [2024-09-07T01:17:22.208194 #110]  INFO -- : [de402937-c703-422f-9aa5-1f6c1771adf5] Started GET "//wp2/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:22 +0000
critical
F, [2024-09-07T01:17:22.210039 #110] FATAL -- : [de402937-c703-422f-9aa5-1f6c1771adf5]   
info
[de402937-c703-422f-9aa5-1f6c1771adf5] ActionController::RoutingError (No route matches [GET] "/wp2/wp-includes/wlwmanifest.xml"):
info
[de402937-c703-422f-9aa5-1f6c1771adf5]   
info
I, [2024-09-07T01:17:22.461309 #110]  INFO -- : [98fb9d24-8fb1-4a5a-8af1-58ca7db645d8] Started GET "//site/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:22 +0000
critical
F, [2024-09-07T01:17:22.497861 #110] FATAL -- : [98fb9d24-8fb1-4a5a-8af1-58ca7db645d8]   
info
[98fb9d24-8fb1-4a5a-8af1-58ca7db645d8] ActionController::RoutingError (No route matches [GET] "/site/wp-includes/wlwmanifest.xml"):
info
[98fb9d24-8fb1-4a5a-8af1-58ca7db645d8]   
info
I, [2024-09-07T01:17:22.690890 #110]  INFO -- : [704801b1-a33b-4ec5-ad17-0fd9cab8053b] Started GET "//cms/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:22 +0000
critical
F, [2024-09-07T01:17:22.692887 #110] FATAL -- : [704801b1-a33b-4ec5-ad17-0fd9cab8053b]   
info
[704801b1-a33b-4ec5-ad17-0fd9cab8053b] ActionController::RoutingError (No route matches [GET] "/cms/wp-includes/wlwmanifest.xml"):
info
[704801b1-a33b-4ec5-ad17-0fd9cab8053b]   
info
I, [2024-09-07T01:17:22.976019 #110]  INFO -- : [c24e4875-7ec2-4e95-ba0b-c76373af4499] Started GET "//sito/wp-includes/wlwmanifest.xml" for 91.92.251.54 at 2024-09-07 01:17:22 +0000
critical
F, [2024-09-07T01:17:22.992266 #110] FATAL -- : [c24e4875-7ec2-4e95-ba0b-c76373af4499]   
info
[c24e4875-7ec2-4e95-ba0b-c76373af4499] ActionController::RoutingError (No route matches [GET] "/sito/wp-includes/wlwmanifest.xml"):

Hi Minokiti11,
I believe the aim is to find some credentials in these files. The URL 91.92.251.54 is filed in https://www.abuseipdb.com/ as https://www.abuseipdb.com/check/91.92.251.54

The best solution is to block all traffic originating from this IP.

Hi there,

Blocking the IP address sounds like a great mitigation.

While you can do this from your application, to block potential attacks it’s often best to block from a network firewall. Many of our customers who need finer-grained controls like this put a Cloudflare instance (or other firewall) in front of their Render service so they can manage rules and blocks.

Regards,

Matt
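
As an added example (not part of the thread and not Render's code): a Ruby script that parses the `Started` lines of a Rails log in the format posted above and lists the client IPs that requested WordPress/PHP paths several times within a few seconds, which is the set of addresses to hand to the firewall. The sample log, the `PROBE` pattern and the threshold/window defaults are assumptions chosen for illustration.

```ruby
require "time"

# Constructed sample in the Rails log format shown in the question
# (documentation-range IPs, not the addresses from the thread).
SAMPLE_LOG = <<~LOG
  I, [2024-09-06T23:37:19.426752 #110]  INFO -- : [req-1] Started GET "/wp-includes/js/jquery/jquery.js" for 203.0.113.7 at 2024-09-06 23:37:19 +0000
  I, [2024-09-06T23:37:19.810390 #110]  INFO -- : [req-2] Started GET "/wp-content/uploads/upload_handler.php" for 203.0.113.7 at 2024-09-06 23:37:19 +0000
  F, [2024-09-06T23:37:19.812796 #110] FATAL -- : [req-2]
  I, [2024-09-06T23:37:20.182265 #110]  INFO -- : [req-3] Started GET "/classwithtostring.php" for 203.0.113.7 at 2024-09-06 23:37:20 +0000
  I, [2024-09-06T23:37:21.024259 #110]  INFO -- : [req-4] Started GET "/.well-known/radio.php" for 203.0.113.7 at 2024-09-06 23:37:21 +0000
  I, [2024-09-07T00:43:33.870660 #110]  INFO -- : [req-5] Started GET "/" for 198.51.100.20 at 2024-09-07 00:43:33 +0000
  I, [2024-09-07T01:17:17.392700 #110]  INFO -- : [req-6] Started GET "//wp-includes/wlwmanifest.xml" for 192.0.2.44 at 2024-09-07 01:17:17 +0000
LOG

STARTED = /Started (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at (?<at>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4})/
# Assumption: this Rails app serves no PHP or WordPress assets, so such paths are probes.
PROBE = %r{\.php(\?|\z)|/wp-(includes|content|admin)/|wlwmanifest\.xml}i

# Returns { ip => [[time, normalized_path], ...] } for probe-looking requests only.
def probe_hits(log)
  hits = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    next unless (m = STARTED.match(line))
    path = m[:path].squeeze("/") # scanners often send "//wp-includes/..."
    hits[m[:ip]] << [Time.parse(m[:at]), path] if path.match?(PROBE)
  end
  hits
end

# IPs with at least `threshold` probe requests inside any `window`-second span.
def burst_sources(log, threshold: 3, window: 10)
  probe_hits(log).filter_map do |ip, reqs|
    times = reqs.map(&:first).sort
    burst = times.each_cons(threshold).any? { |span| span.last - span.first <= window }
    [ip, reqs.map(&:last)] if burst
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  burst_sources(SAMPLE_LOG).each { |ip, paths| puts "#{ip}: #{paths.join(', ')}" }
end
```

A single stray probe (like the one from 192.0.2.44 in the sample) stays below the default threshold; lower `threshold` to 1 to list every source that touched a probe path.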
