It gets worse. It seems I have been hacked due to a known WordFence vulnerability. :(
http://www.websecuritywatch.com/wordpress-wordfence-security-xss-and-iaa-vulnerabilities/
http://healingpetloss.com/?_wfsf=unlockEmail
Http Code: 200
date/time: 6/7/14 10:20 AM
100.199.78.125.broad.pt.fj.dynamic.163data.com.cn
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31
Protocol: HTTP/1.1
bytes: 242
method: GETThe irony is I just signed up yesterday to be a premium customer and I specifically blocked all hits from China. How is it possible that the country blocking is not working? And why is the Cross-Site Scripting Vulnerability (apparently) not fixed?
Now, my website is inaccessible and I cannot log in to WordPress. I am waiting for my hosting provider to fix it. I have cpanel access, but I do not know how to verify the problem and fix it myself.
Additionally, leading up to this attack was a series of attacks over a 48 hour period, see below:
An unknown location at IP 0.0.0.0 visited http://site
20 minutes ago IP: 0.0.0.0 [block]
Browser: Yahoo! Slurp version 3.0
Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
An unknown location at IP 0.0.0.0 left http://sitepet/ and visited http://site
23 minutes ago IP: 0.0.0.0 [block]
Browser: Chrome version 30.0 running on Win7
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.13014 YaBrowser/13.12.1599.13014 Safari/537.36
An unknown location at IP 0.0.0.0 lefthttp://site and visited http://site
23 minutes ago IP: 0.0.0.0 [block]
Browser: Chrome version 30.0 running on Win7
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.13014 YaBrowser/13.12.1599.13014 Safari/537.36BTW, there have been dozens of these attacks with IP 0.0.0.0.
Please advise. Thanks in advance.