Lodi646 vip login philippines.Claim Your Free 999 Pesos Bonus Today

Resolved micvideo
(@oceandigital)

8 years, 10 months ago

I thought it was supposed to block exploits??

Here is the URL it whitelisted while in training mode: /wp-content/themes/mTheme-Unus/css/css.p?-hp PARAM: request.queryString[files] IP:64.27.17.140

Can you please help me remove it?

https://www.ads-software.com/plugins/wordfence/

Viewing 9 replies - 1 through 9 (of 9 total)

wfasa
(@wfasa)

8 years, 10 months ago

Hello micvideo,
are you using the latest version of Wordfence? We recently added a feature that will block non existing pages from getting whitelisted. We also recently added a bug fix for deleting whitelisted entries that contain strange characters like the one in your example.

Thread Starter micvideo
(@oceandigital)

8 years, 9 months ago

I updated the plugin, wiped out the whitelist and put it back in training mode. After it was over the firewall whitelisted another hackers ip and all the new links they tried. So for now, I dont have confidence in this feature and I disabled it completely.

wfasa
(@wfasa)

8 years, 9 months ago

Hello again,
how did you know it was a hacker? If you email examples of the rules that should not have been whitelisted to [email protected] I can have a look.

Thread Starter micvideo
(@oceandigital)

8 years, 9 months ago

I emailed you this morning. I can tell its a hacker because the links that were whitelisted were related to plugins I did not have. From the pattern it looked like the attacker was checking for exploits from a list of plugins. I also looked up the IPs and they were all flagged from various IP reporting sites.

wfasa
(@wfasa)

8 years, 9 months ago

Hello micvideo,
Thanks. I looked at your examples. It’s not supposed to be possible for the firewall to whitelist URLs that return a 404. If you try to browse to one of those URLs that do not exist, do you get a 404 response?

Thread Starter micvideo
(@oceandigital)

8 years, 9 months ago

Yes, they go to ‘page not found’ pages.

Thread Starter micvideo
(@oceandigital)

8 years, 9 months ago

I checked in Wordfence Live Traffic and its marking the links I just tested as ‘non-existent page’ .

wfasa
(@wfasa)

8 years, 9 months ago

micvideo, I will take note of your issue and see if I can find an explanation but for now, could you try this?

1. Remove all whitelisted items from the firewall.
2. Set the Firewall to “Enabled and protecting”.
3. Now try to use your site normally.

If you are logged in as admin while browsing your site you will get notified if the Firewall is blocking anything. You will then get an option to “whitelist” that particular action.

Going about it this way and not using “Learning mode” at all should give you 100% control over what the Firewall is whitelisting.

Thread Starter micvideo
(@oceandigital)

8 years, 9 months ago

Ok, I will try that and report back here if anything else comes up. Thank you.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Firewall Whitelisted an Exploit’ is closed to new replies.