• Hi

    I discovered some poking around for “?gf_page=upload” today and in the past have seen attempts at accessing various php files –

    I was wondering if in a future release, we could have the ability to immediately block IP’s that access vulnerable file names or extensions, even perhaps with wildcard * structures (*.php), without having to identify a particular folder, as we must do now in order to auto block for vulnerable folder structures.

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Is the firewall rule to “If 404’s for known vulnerable URL’s exceed” not working? I usually set mine to 2. I figure 1 can be an honest mistake. 2 means you’re up to no good. ??

    tim

    Thread Starter bcr8tive

    (@bcr8tive)

    It’s set to “1 per minute” and block it –

    Unless I’m incorrect, I can’t see a reason why there’d be a mistake like ?gf_page=upload – that has to be typed in right? or even php files?
    (I see that often, the gravity form thing was a new one for me today)

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Feature Request – auto block’ is closed to new replies.