• Resolved oanhtran1804

    (@oanhtran1804)


    Hi,

    1) Can you please add documentation explaining the issues I may get if I enable Advanced Mode, with examples?
    – Advanced filtering of HTTP_HOST
    – Soft Ban Bots
    – Advanced POST Filtering
    I really don’t know what the plugin will do with these functions.

    2) Can you give an Alert function?

    Thanks

Viewing 15 replies - 1 through 15 (of 17 total)
  • Plugin Author te_taipo

    (@te_taipo)

    Can do the first request. I will add that to the next release, however I will quickly address what they do here:
    – Advanced HTTP_HOST filtering aims to address this – https://expressionengine.com/blog/http-host-and-server-name-security-issues
    – Soft Ban Bots: Not all bots are bad, but many are indicators of vulnerability scanners intent on mapping your website in preparation for an attack, so in advanced mode it will block any request from an attempt to browse your website where the browser’s user-agent is not a usual web browser. Soft ban means: block the request but don’t ban the IP address permanently.
    – Advanced POST Filtering: In some earlier versions of PHP (versions older than 5.4) it is quite easy to carry out a denial of service attack via blind posting of data. These methods are not well known (one of them I discovered myself); however, if they were to become well known, since WordPress still recommends some versions of PHP older than 5.4, it could get quite messy.

    Enabling the “Hard Ban” option is the one to only use if you really know your stuff. Leave that disabled.

    However, 99% of what Pareto Security does, it does in the default settings, so unless you know your website is receiving direct attention from an attacker, you are not at any more risk using the default install settings than the advanced settings.

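The two Advanced Mode checks described in the reply above, HTTP_HOST allowlisting and soft-banning non-browser user-agents, as an added example in Python. This is illustration code written for this thread, not Pareto Security’s own code, and the hostnames, user-agent markers and the `filter_request` interface are assumptions; a “block” decision here refuses only the current request and never touches the client’s IP address, which is what the reply calls a soft ban.

```python
"""Added example (not Pareto Security's code): Host-header allowlisting and a
user-agent soft-ban check of the kind the reply above describes."""
import re

# Hostnames this site is configured to answer for (constructed sample values).
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})

# Substrings that mark common scanners and library clients rather than browsers.
# Constructed, illustrative list; a real deployment maintains its own.
NON_BROWSER_UA_MARKERS = ("curl/", "python-requests", "nikto", "sqlmap", "masscan")
# Real browsers (and the well-behaved crawlers that imitate them) start with these.
BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")

# host[:port]; host is a DNS name or a bracketed IPv6 literal.
HOST_RE = re.compile(r"^(?P<host>[a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(?P<port>\d{1,5}))?$", re.I)


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True only if the Host header names one of this site's configured hostnames.

    Building absolute links (password-reset mails, canonical URLs) from an
    attacker-chosen Host is the problem the linked article describes; comparing
    against a fixed allowlist instead of trusting the header closes it.
    """
    if host_header is None:
        return False
    m = HOST_RE.match(host_header.strip())
    if not m:
        return False
    host = m.group("host").lower().rstrip(".")
    return host in allowed


def is_non_browser_agent(user_agent):
    """Soft-ban heuristic: does the UA look like a tool rather than a web browser?"""
    ua = (user_agent or "").strip()
    if not ua:
        return True  # normal browsers always send a User-Agent
    low = ua.lower()
    if any(marker in low for marker in NON_BROWSER_UA_MARKERS):
        return True
    return not ua.startswith(BROWSER_UA_PREFIXES)


def filter_request(headers, advanced_mode=False):
    """Return ('allow', reason) or ('block', reason) for one request's headers.

    Both checks are Advanced Mode features, so with advanced_mode=False every
    request passes. 'block' refuses this request only; the address is not banned.
    """
    if not advanced_mode:
        return ("allow", "advanced mode off")
    if not host_is_allowed(headers.get("Host")):
        return ("block", "Host header not in allowlist")
    if is_non_browser_agent(headers.get("User-Agent")):
        return ("block", "non-browser user-agent (soft ban)")
    return ("allow", "ok")


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        {"Host": "www.example.com:443", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"},
        {"Host": "example.com", "User-Agent": "curl/8.0"},
        {"Host": "example.com.attacker.test", "User-Agent": "Mozilla/5.0"},
    ]
    for h in samples:
        print(h["Host"], "->", filter_request(h, advanced_mode=True))
```

The Host check deliberately strips only the port and a trailing dot before comparison, so `example.com.attacker.test` is rejected rather than prefix-matched; the user-agent check errs on the side of letting browser-like crawlers through, in line with the reply’s point that not all bots are bad.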
    Plugin Author te_taipo

    (@te_taipo)

    Many websites’ email systems restrict the number of emails per hour and per day that can be sent via the web server’s mail server. Alerts of attacks can result in many emails being generated, depending on how popular a website is. The common method then is a daily digest, which really isn’t the real-time alert system people want.

    What could be possible is an alert system that triggers an email only for high severity attacks. I will have another think about an alert function.

    Plugin Author te_taipo

    (@te_taipo)

    See: https://hokioisecurity.com/?p=343 for a description of advanced features.

    Thread Starter oanhtran1804

    (@oanhtran1804)

    I got it, “use at your own risk”. But actually it would not be a risk if you updated it:

    1) These functions MUST be ON, because an admin cannot sit there checking the log list all the time:
    Hard ban injection attempts via browser user-agents & Soft Ban Bots
    ==> Your plugin blocked my admin IP sometimes, actually
    ==> Solution: whitelist IP –and– whitelist browser user-agents –and– whitelist Bots

    2) Filter login attempts (completely remove this feature)
    ==> No need for this feature, because this feature is special and needs many logs. It cannot just simply be turned ON like this
    ==> Many plugins did a good job. It needs to allow a number of retries within a time frame, a temporary block within a time frame, and then block.
    Example, user login setting: https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

    3) Email alert should allow the admin to input a time for each option; for example, my settings:
    + Low: real time or 15 mins / 30 mins / 1 hour
    + Medium & high: real time (or 15 mins / 15 mins / 30 mins / 1 hour)
    For the flexible option, it depends on the web situation,
    for example:
    My web is under attack: I should turn ON real time for everything
    My web is safe: I should turn ON 30 mins for low, 15 mins for Medium & high
    ===> Alerts are really important for the admin to quickly know what is going on and come back to fix the issue as soon as anything goes wrong.

    4) Add one more column named country (so I don’t need to copy the IP to check the country every time)

    5) Search option:
    + IP
    + Country
    + Time frame
    ==> Why? What happens if the log is kept 3-12 months for security tracking? There will be a long list; we need to track if someone in the whitelist tries to return to hack the web every single month in a smart way. One month comes with only 1 hack. A slow, slow way, but smart, because we will not see a huge attack.

    Thanks

    Plugin Author te_taipo

    (@te_taipo)

    I got it, “use at your own risk”. But actually it would not be a risk if you updated it:

    If there is a bug in a plugin, websites are vulnerable to be mass exploited before there is an update released. This is where Pareto Security stands apart from the rest.

    1) These functions MUST be ON, because an admin cannot sit there checking the log list all the time: Hard ban injection attempts via browser user-agents & Soft Ban Bots

    99% of the REAL risks to your website are taken care of by Pareto Security’s default settings. You do not have to activate the advanced settings.

    ==> Your plugin blocked my admin IP sometimes, actually
    ==> Solution: whitelist IP –and– whitelist browser user-agents –and– whitelist Bots

    There was a code error in an earlier version of Pareto Security that caused that. This has now been fixed. Whitelisting IP addresses only works if the web admin is behind a static IP address. Most of the world isn’t.

    2) Filter login attempts (completely remove this feature)
    ==> No need for this feature, because this feature is special and needs many logs. It cannot just simply be turned ON like this
    ==> Many plugins did a good job. It needs to allow a number of retries within a time frame, a temporary block within a time frame, and then block.
    Example, user login setting: https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

    No, it won’t be removed. Most plugins do a terrible job at this. Users know their username; they often forget their passwords. Because Pareto Security, like most security plugins, prevents attackers from aggregating the list of usernames, it is only the attacker that does not know what the usernames are.

    Pareto Security in advanced mode will block these attempts where a non-registered username is used.

    However when it comes to login attacks, it is imperative that the administrators use hard passwords. Even if the username is known, it is impossible for an external attacker to break a good password via hammering the login page.

    3) Email alert should allow the admin to input a time for each option; for example, my settings:
    + Low: real time or 15 mins / 30 mins / 1 hour
    + Medium & high: real time (or 15 mins / 15 mins / 30 mins / 1 hour)
    For the flexible option, it depends on the web situation,
    for example:
    My web is under attack: I should turn ON real time for everything
    My web is safe: I should turn ON 30 mins for low, 15 mins for Medium & high
    ===> Alerts are really important for the admin to quickly know what is going on and come back to fix the issue as soon as anything goes wrong.

    Pareto Security works on a different philosophy than other plugins that are 90% graphics and warnings of attacks they missed and 10% preventing attacks.

    Pareto Security is 100% about preventing both known and future discovered attacks from being successful.

    ==> Why? What happens if the log is kept 3-12 months for security tracking? There will be a long list; we need to track if someone in the whitelist tries to return to hack the web every single month in a smart way. One month comes with only 1 hack. A slow, slow way, but smart, because we will not see a huge attack.

    Using Pareto Security in its recommended settings will not result in a very long list of attack logs. Pareto Security only keeps the last 100 attack requests. Even on very busy websites, this will not fill up in a few months.

    In default mode only attacks that are real are logged. If you see an entry in there, it will be because an attacker is having a go at your website.

    In advanced mode this is different. Many of the log records will be of normal bots doing what normal bots do, and a small element of those will be attack tools that are doing reconnaissance, learning about your website’s weaknesses: attackers taking their time so as not to be discovered.

    It really doesn’t matter that much, because there will come a point when that attacker will have to make a malicious request, and when they do, Pareto Security will block the request and ban the IP address.

    That is its principal purpose.

    100% about being an application firewall, and 0% about being a graphic Disney world to trick users into thinking they are getting better security than they think they are.

    Thread Starter oanhtran1804

    (@oanhtran1804)

    Hi. Thank you for explaining.

    1) Advanced settings: OFF
    ==> Will I also get reports about:
    injection attempts via browser user-agents
    Bot attacks/visits
    failed logins with a non-existent username
    ==> Because of the default setting, I only see the report, but these options are not blocked, right?
    ==> What is the solution for whitelisting IPs, domains, user-agents / bots?

    2)
    “Pareto Security in advanced mode will block these attempts where a non-registered username is used.”
    ==> I have a bad memory; I actually usually forget my username on Gmail or Amazon/eBay sometimes. I retry entering it around 2 times, then I follow the “wrong username” warning, then I use email to reset my info.
    ==> In this case, will I and all people be blocked?
    ==> Can you update it to allow up to 3 times, and only start after 3 of the same “wrong username” actions from the same IP?

    3)
    So what will you update next time? Can you consider an alert when someone is blocked? Because right now, I sometimes don’t even know that my admin IP got blocked, or that my family member got blocked because I sent them my sensitive URL.
    ==> I only find out when I turn around with an issue, finally remember your plugin, and check the IPs in the blacklist one by one, and one of them is my family member’s IP (we live in different houses/cities)

    Thanks

    Plugin Author te_taipo

    (@te_taipo)

    ==> Will I also get reports about:
    injection attempts via browser user-agents
    Bot attacks/visits

    In default settings, Pareto Security blocks actual malicious attacks via any input from an attacker, including *Bot* attackers via the user-agent.

    failed logins with a non-existent username
    ==> Because of the default setting, I only see the report, but these options are not blocked, right?

    In default mode only the POST data is monitored for malicious content. This is enough to block malicious attacks.

    ==> What is the solution for whitelisting IPs, domains, user-agents / bots?

    The domain’s IP and also cloud hosting upline proxy IPs are protected from ever being banned… by default.

    2)
    “Pareto Security in advanced mode will block these attempts where a non-registered username is used.”
    ==> I have a bad memory; I actually usually forget my username on Gmail or Amazon/eBay sometimes. I retry entering it around 2 times, then I follow the “wrong username” warning, then I use email to reset my info.

    It again is best to leave the settings as default, especially if you cannot remember your username.

    ==> In this case, will I and all people be blocked?
    ==> Can you update it to allow up to 3 times, and only start after 3 of the same “wrong username” actions from the same IP?

    In Advanced Mode you will need to enable Hard Ban to ban IP addresses. Without Hard Ban enabled, only the request is blocked. This helps to reduce server load in instances where for example an attacker is making 100s of POST requests per second.

    So if you did enable Advanced Mode and used an incorrect username, your IP address will not be blocked, just that incorrect request will be blocked.

    3) So what will you update next time? Can you consider an alert when someone is blocked? Because right now, I sometimes don’t even know that my admin IP got blocked, or that my family member got blocked because I sent them my sensitive URL.

    I am considering an alert system for malicious requests that are IP banned.

    ==> I only find out when I turn around with an issue, finally remember your plugin, and check the IPs in the blacklist one by one, and one of them is my family member’s IP (we live in different houses/cities)

    The chances of this happening in default settings is 0%. If you want to enable Advanced Mode their IP addresses will still not be banned even if they use the wrong username. You would need to enable Hard Ban for that to happen.

    Again, use the recommended settings please.
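The block-versus-ban behaviour the author describes across these replies (a real malicious request is blocked and its address banned; a request caught only by an Advanced Mode check, such as a login with a non-registered username, is blocked but the address is banned only when Hard Ban is on; the site’s own and upstream proxy addresses are never banned; only the last 100 attack requests are kept), as an added example in Python. This is illustration code written for this thread, not Pareto Security’s code; the request shape, the toy payload check, the sample addresses and the exact precedence between the mode flags are assumptions drawn from the replies.

```python
"""Added example (not Pareto Security's code): how one refused request is handled
under default settings, Advanced Mode, and Advanced Mode with Hard Ban."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class FirewallPolicy:
    advanced_mode: bool = False
    hard_ban: bool = False
    # Addresses that must never be banned: the site's own IP and the hosting
    # provider's upstream proxies (constructed sample values).
    protected_ips: frozenset = frozenset({"203.0.113.10", "198.51.100.7"})
    # Usernames that exist on the site (constructed sample values).
    registered_users: frozenset = frozenset({"admin", "editor"})
    banned_ips: set = field(default_factory=set)
    # Bounded log: only the most recent 100 attack requests are retained.
    attack_log: deque = field(default_factory=lambda: deque(maxlen=100))

    @staticmethod
    def _malicious_post(body):
        # Stand-in for real payload inspection; two constructed markers only.
        low = body.lower()
        return "<script" in low or "union select" in low

    def classify(self, req):
        """Return the reason a request is refused, or None if it passes.

        The POST-data check runs in every mode; the username check is an
        Advanced Mode feature and is skipped under default settings.
        """
        if req["method"] == "POST" and self._malicious_post(req.get("body", "")):
            return "malicious POST data"
        if self.advanced_mode and req["method"] == "POST" and req["path"] == "/wp-login.php":
            if req.get("form", {}).get("log", "") not in self.registered_users:
                return "login with non-registered username"
        return None

    def handle(self, req):
        """Return ('allow' | 'block' | 'ban', reason) and update state.

        'block' refuses this request only (the soft ban); 'ban' also adds the
        address to the ban list so later requests are refused outright.
        """
        ip = req["ip"]
        if ip in self.banned_ips:
            return ("ban", "address already banned")
        reason = self.classify(req)
        if reason is None:
            return ("allow", "ok")
        self.attack_log.append((ip, reason))
        # Assumption from the thread: a real attack bans in any mode, an
        # Advanced-Mode-only trigger bans only with Hard Ban enabled.
        real_attack = reason == "malicious POST data"
        if (real_attack or self.hard_ban) and ip not in self.protected_ips:
            self.banned_ips.add(ip)
            return ("ban", reason)
        return ("block", reason)


if __name__ == "__main__":
    # Constructed sample requests against each configuration.
    wrong_user = {"ip": "192.0.2.2", "method": "POST", "path": "/wp-login.php", "form": {"log": "nobody"}}
    for cfg in (FirewallPolicy(), FirewallPolicy(advanced_mode=True),
                FirewallPolicy(advanced_mode=True, hard_ban=True)):
        print(cfg.advanced_mode, cfg.hard_ban, "->", cfg.handle(wrong_user))
```

The `deque(maxlen=100)` gives the bounded log the author describes without any pruning code, and keeping `protected_ips` out of the ban path is what makes the “0% chance” of locking out the site itself hold regardless of which mode is selected.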

    Thread Starter oanhtran1804

    (@oanhtran1804)

    Ok thank you so much.
    Now I feel safe and know what to do.

    1) Please consider adding alerts
    2) Make your donation button better; many people don’t know how to donate via the code you have given.
    3) Your plugin is so useful, but your name and tags somehow make you very hard to find. I searched for “security” and tested plugins one by one over months; finally I tried your plugin and found it useful (maybe I saw your plugin sometime, but it seems the plugin name did not attract me enough to click, instead of checking all the security plugins, or something with an attractive name first)
    ==> This can be the reason your plugin has very few active users up to now.

    Hope 2+3 will help you.

    Plugin Author te_taipo

    (@te_taipo)

    Thanks for the suggestions.

    Thread Starter oanhtran1804

    (@oanhtran1804)

    Hi, I found this in public-html/error_log

    PHP Warning: Missing argument 1 for pareto_functions::is_server(), called in …………plugins/pareto-security/pareto_functions.php on line 820 and defined in …………plugins/pareto-security/pareto_functions.php on line 1103

    Plugin Author te_taipo

    (@te_taipo)

    Thanks for that. I have pushed out an update correcting this error.

    Thread Starter oanhtran1804

    (@oanhtran1804)

    Hi, I would like to thank you with a donation, like a cup of coffee. But I don’t have an account and don’t know the donation source that you used. Do you think you will use PayPal?

    Plugin Author te_taipo

    (@te_taipo)

    I have just signed up for one.

    [email protected]

    See how that goes.

    Plugin Author te_taipo

    (@te_taipo)

    Thread Starter oanhtran1804

    (@oanhtran1804)

    By the way, how is the update for whitelisting IPs and alerting if an IP is blocked?
    As an admin, I got blocked because there is a plugin that creates an access setting via:
    wp-content/plugin/settings.
    wp-content/plugin/view-content
    ==> This is a high-risk warning in your plugin

  • The topic ‘Advanced Mode (Use at your own risk) & Email’ is closed to new replies.