Email Question:
Recently, my security logs are increasingly overflowing with UAEGWR-HPRA entries. Previously, BFHS events are the most common, blocking xmlrpc requests and account for the vast majority of log entries, usually one every few minutes sometimes more. Unlike the xmlrpc errors that are almost always from suspicious IP addresses, usually outside North America, these UAEGWR-HPRA errors in the attached log often appear to be from legit internet providers. The website appears to be working fine and they always seem to be related to favicon.ico which also seems to be working. Any concern or action to take?
[403 GET Request: January 22, 2022 - 1:50 pm]
BPS Pro: 16.2
WP: 5.8.3
Event Code: UAEGWR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
REMOTE_ADDR: 216.154.63.54
Host Name: 216-154-63-54.cpe.teksavvy.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 216.154.63.54
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://carseatblog.com/49904/best-carseats-for-extended-harnessing-seats-that-go-the-distance/
REQUEST_URI: /wp-content/uploads/2020/05/favicon.ico
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36