• Resolved Generosus

    (@generosus)


    Good Day,

    We do not use your plugin, but our security assets have detected an individual, bot, or company that is constantly pinging our site with the following URL (format):

    https://www.oursite.com/?ignorenitro=xxx&nitroWebhook=config&token=yyy

    Where xxx and yyy are random digits/letters.

    The User Agent associated with the above is:

    Mozilla/5.0 (Macintosh; Intel Mac OS X 13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Nitro-Webhook-Agent

    Is the above in any way related to your plugin? If so, what purpose does it serve? Meanwhile we have blocked the noted User Agent.

    Thank you!

Viewing 15 replies - 1 through 15 (of 22 total)
  • Plugin Support mihailstoychev

    (@mihailstoychev)

    Hey @generosus,

    Thanks for the question.

    These requests do seem to originate from NitroPack’s system, but they do not purge cache. To go deeper, these specific requests are just testing the connection status for sites using NitroPack. If you are no longer using the service but seeing these requests it is possible that the plugin wasn’t properly disconnected. Nevertheless, feel free to reach out to our support staff to provide your site’s domain so we can make things straight and stop these requests.

    Hope this helps.

    Thread Starter Generosus

    (@generosus)

    Hi @mihailstoychev,

    Thanks for the quick reply.

    Can you kindly tell us in this forum what generally causes this issue and how to fix it (steps)?

    As stated before, we have never used your plugin (that we know of) and never signed up on your website. Just in case, we also checked our databases for the term “nitro” (or similar) and found no remnants or intrusions.

    Again, help appreciated.

    Thread Starter Generosus

    (@generosus)

    Additional Question:

    Does this Nitropack uninstall procedure completely remove Nitropack from websites that have used Nitropack (including transients, database code, connections to your servers, etc.)? If not, kindly provide instructions for a CLEAN uninstall.

    Thank you!

    Plugin Support mihailstoychev

    (@mihailstoychev)

    Hello again @generosus,

    Yes, this is something we have fixed but the fix is not released yet with the new version of the plugin.

    To speed things up can you please email me at mihail[-.at.-]nitropack.com your domain name and I will take care of this for you?

    Thanks and looking forward.

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    Before we contact you, can you kindly take a look at these IPs and advise if they are related to Nitropack?

    46.101.77.196
    159.65.180.53
    178.62.81.205

    All unwanted /?ignorenitro= pings are coming from those IPs. They are blocked at our end.

    If they are related to Nitropack (i.e., servers), please check your logs for more details (e.g., 1020 error codes, pingbacks, etc.) and remove the associated sites from your servers.

    Thank you!

    Plugin Support mihailstoychev

    (@mihailstoychev)

    Hello generosus,

    These are indeed the NitroPack IP addresses. We have published our IPs here: https://nitropack.io/page/ips.

    Again the purpose of the pings that you are observing is to test the connection status between our system and the client servers. If you are observing these it means that your site is registered in NitroPack. However, if you have never connected the plugin or the plugin is not currently present, we would like to investigate why you are still receiving these. Our support team is already looking into this case, but please reach out to our support and provide your domain as this can help greatly. To sum up this is not the default behavior and we need to investigate why this is happening.

    Also provided my email address if you would like to reach out to me directly and I can forward it to the support.

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    Thank you. Email sent.

    Cheers

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    We received an update from Atanas (customer support).

    It appears our website was previously connected to Nitropack (no idea how that happened), so when we deactivated and deleted your plugin, your servers never received a notification to delete our website. Based on this, Atanas deleted our website from your servers and said the pinging should now stop.

    The above was caused by a bug in your plugin and will be fixed at your next convenient plugin update.

    He also stated that — for a clean uninstall — it’s best to disconnect the affected website first (within the plugin’s site connection page), then deactivate and delete the plugin.

    We recommend adding this valuable information to your knowledgebase while also indicating if databases, etc. need to be cleaned up as well (if necessary).

    Thank you for your thorough and expedited support.

    Cheers

    Plugin Support mihailstoychev

    (@mihailstoychev)

    Hey,

    Super happy to help! Always here for you in case you have any further questions.

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    Update:

    Not good. After claiming you removed our website from your server(s), we still keep getting pinged (attacked) by them.

    Details:

    https://prnt.sc/nRIjczcOVO6N
    https://prnt.sc/uWztAIt2I2Vh

    We have blocked your IPs, User Agents, and soon your servers if this continues.

    Please re-open and review this case one more time. Many of your past or unsolicited customers — most likely — are experiencing the same. You may want to perform a full audit of your logs to find out which sites should not be pinged. Your IPs are already blacklisted by many organizations.

    Not happy. Thank you.

    Plugin Support mihailstoychev

    (@mihailstoychev)

    Hi there,

    The team just responded back. Can you please check again?

    Please let me know how things go.

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    Message received. Please do not close this topic as “Resolved” until we have confirmed your latest fix works. We will need 30-90 days to confirm.

    Thank you!

    Plugin Support mihailstoychev

    (@mihailstoychev)

    Hi,

    Please feel free to reopen it or just email me – no worries!

    Thread Starter Generosus

    (@generosus)

    Hi Mihail,

    So far, the pinging has stopped. Closing this topic as “Resolved” for now.

    If pinging restarts, we’ll let you know.

    Thank you.

    Thread Starter Generosus

    (@generosus)

    Update:

    After claiming you removed our website from your server(s), we still keep getting pinged (attacked) by your User Agent: Nitro-Webhook-Agent.

    Details:

    https://prnt.sc/v3v8p_eNH4Xu
    https://prnt.sc/A9iIBTdZHSlt

    Attacking IPs: (same as previously identified/reported)

    46.101.77.196
    159.65.180.53
    178.62.81.205

    Our Go Forward Plan:

    Based on Nitro’s failure to stop crawling/scraping websites after removing your plugin, we are now classifying your User Agent as Malicious. For the protection of past plugin users, we have no other recourse than to notify the developers of Security plugins, etc. of this finding.
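
An added example, not part of the thread and not NitroPack's code: one way to find the requests described in the posts above in a web server access log, matching on the query pattern and User-Agent the thread starter reported and checking each source against the three IPs listed. It assumes the Apache/nginx combined log format; the sample lines, timestamps, tokens and the 203.0.113.7 and 198.51.100.4 addresses are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Source addresses and User-Agent marker exactly as reported in the thread.
REPORTED_IPS = {ip_address(a) for a in ("46.101.77.196", "159.65.180.53", "178.62.81.205")}
UA_MARKER = "Nitro-Webhook-Agent"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (ip, status, verdict) for a ping-like request, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    has_params = query.get("nitroWebhook") == ["config"] and {"ignorenitro", "token"} <= query.keys()
    has_ua = UA_MARKER in m["ua"]
    if not (has_params or has_ua):
        return None
    try:
        listed = ip_address(m["ip"]) in REPORTED_IPS
    except ValueError:  # hostname or garbage in the client field
        listed = False
    if has_params and has_ua:
        verdict = "webhook-ping" if listed else "webhook-ping-unlisted-source"
    else:
        verdict = "partial-match"  # only the UA or only the query pattern
    return m["ip"], int(m["status"]), verdict

def summarize(lines):
    # Count matching requests per (source IP, verdict).
    hits = filter(None, map(classify, lines))
    return dict(Counter((ip, verdict) for ip, _, verdict in hits))

# Constructed sample lines (timestamps, tokens and non-thread IPs are made up).
NITRO_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Nitro-Webhook-Agent"
PING_TARGET = "/?ignorenitro=a1b2&nitroWebhook=config&token=c3d4"
SAMPLE_LOG = [
    f'46.101.77.196 - - [01/Jan/2024:10:00:00 +0000] "GET {PING_TARGET} HTTP/1.1" 403 0 "-" "{NITRO_UA}"',
    f'46.101.77.196 - - [01/Jan/2024:10:05:00 +0000] "GET {PING_TARGET} HTTP/1.1" 403 0 "-" "{NITRO_UA}"',
    f'203.0.113.7 - - [01/Jan/2024:10:06:00 +0000] "GET {PING_TARGET} HTTP/1.1" 200 512 "-" "{NITRO_UA}"',
    f'159.65.180.53 - - [01/Jan/2024:10:07:00 +0000] "GET / HTTP/1.1" 403 0 "-" "{NITRO_UA}"',
    '198.51.100.4 - - [01/Jan/2024:10:08:00 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Calling `summarize()` on the lines of a real access log gives a per-source count; the `webhook-ping-unlisted-source` verdict separates requests that carry the same User-Agent and parameters but come from an address outside the three named in the thread.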
