• Hey there. I installed this plugin a few hours ago, and so far I’ve had 142 intrusion attempts. Most of them have an impact of around “8”, have the field name “COOKIE.w3tc_referrer” and the tags “xss, csrf, id, rfe, lfi”.

    I’m not too sure what this means, though. Are these hack attempts?

    Also, about the Ban threshold, it’s set at 70 by default, but should I make it lower? I don’t want to cause any difficulty for normal users, but my site has been hacked a few times in the past, and I’m hoping this can help me prevent that from happening again.

    Lastly, after logging into admin, I see that my IP is listed with an impact of 6, for the fields “REQUEST.pwd” and “POST.pwd”. That’s not too big a deal, but I’m a little troubled that the “value” shows my password in plain text. Should that be happening?

    https://www.ads-software.com/extend/plugins/mute-screamer/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author ampt

    (@ampt)

    Intrusion attempts

    The intrusions for COOKIE.w3tc_referrer are not hack attempts and look like they’re from the W3 Total Cache plugin; these look like false alerts. You can exclude COOKIE.w3tc_referrer from Mute Screamer by adding it to the exceptions list.

    So in the exceptions fields on Mute Screamer options page you want to add this:

    REQUEST.w3tc_referrer
    COOKIE.w3tc_referrer

    Note: You can also exclude items from the intrusions list page, by clicking the exclude button.

    Now Mute Screamer will skip the w3tc_referrer field when it sees it in a request.

    Ban Threshold

    You can make the ban threshold lower if you like, I’ve found around 60-70 or higher works best. You do want to leave some room for legitimate users and in the case it detects a false positive (like you have with w3tc_referrer).

    Intrusion on password field

    That is a bug, that should not be happening. Thanks for reporting the issue. For obvious reasons we don’t want passwords in the database in plaintext. You should delete those intrusions and add the following to the exception fields list:

    REQUEST.pwd
    POST.pwd

    That will stop the password field from being scanned by Mute Screamer. I will fix the bug for future releases.
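
The difference between excepting a field and redacting its value before it is stored, as an added example that is not part of the original reply and is not Mute Screamer's code. The function name, the record layout and the `$sensitive` list are hypothetical, and the sample detections are constructed from the field names mentioned in this thread.

```php
<?php
// Added illustration only; not the plugin's implementation. All names are hypothetical.

const REDACTED = '[redacted]';

/**
 * Decide what an intrusion log stores for each detected field.
 * $hits:       detections, each with 'name', 'value', 'impact', 'tags'
 * $exceptions: full "SCOPE.field" names that are skipped entirely
 * $sensitive:  bare parameter names whose values must never be persisted
 */
function build_intrusion_records(array $hits, array $exceptions, array $sensitive): array
{
    $records = [];
    $total = 0;
    foreach ($hits as $hit) {
        // This example matches exceptions on the full name, the way the
        // entries in the reply are written (REQUEST.pwd and POST.pwd).
        if (in_array($hit['name'], $exceptions, true)) {
            continue;
        }
        // Strip the scope prefix so a secret is redacted in every scope
        // (REQUEST, POST, COOKIE, ...) even when it was not excepted.
        $dot = strpos($hit['name'], '.');
        $param = $dot === false ? $hit['name'] : substr($hit['name'], $dot + 1);
        if (in_array(strtolower($param), $sensitive, true)) {
            $hit['value'] = REDACTED;
        }
        $records[] = $hit;
        $total += $hit['impact']; // the detection still counts; only the value is hidden
    }
    return ['records' => $records, 'impact' => $total];
}

// Constructed sample detections.
$hits = [
    ['name' => 'COOKIE.w3tc_referrer', 'value' => 'http://example.test/?p=1', 'impact' => 8, 'tags' => ['xss', 'csrf']],
    ['name' => 'REQUEST.pwd', 'value' => 'constructed-secret', 'impact' => 6, 'tags' => ['xss']],
    ['name' => 'POST.pwd', 'value' => 'constructed-secret', 'impact' => 6, 'tags' => ['xss']],
];

// Only the cache cookie is excepted; the password fields stay visible as
// detections, but their values never reach the stored records.
$out = build_intrusion_records($hits, ['REQUEST.w3tc_referrer', 'COOKIE.w3tc_referrer'], ['pwd']);
foreach ($out['records'] as $r) {
    printf("%s impact=%d value=%s\n", $r['name'], $r['impact'], $r['value']);
}
printf("total impact=%d, ban at 70: %s\n", $out['impact'], $out['impact'] >= 70 ? 'yes' : 'no');
```

Adding `REQUEST.pwd` and `POST.pwd` to `$exceptions` instead drops those detections altogether, which also keeps the value out of storage but means the field is no longer inspected.
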

    Thread Starter Ahni

    (@ahni)

    Thanks for the quick reply, ampt. Bonus point to you – As well, for the explanations. And no problem, reporting on that last thing there. Glad to know you’re going to fix that.

    Take care, Ahni

    Why is W3 Total Cache adding those headers when I have page cache DISABLED!?

    w3tc_referrer is used by W3TC, it’s necessary for user agent group detection and consistency of sessions. *.pwd has nothing to do with W3TC.

  • The topic ‘[Plugin: Mute Screamer] need help using this plugin effectively’ is closed to new replies.