Block seen as web attack

  • Resolved avsync

    (@avsync)


    5 years, 8 months ago

    Hi

    I’ve created a very simple block, just a background colour, heading and paragraph.

    When I attempt to work on the page containing this block, OSSEC on my server is seeing this as a web attack for some reason and blocking my IP. Any advice?

    ** Alert 1562327758.1193269: – web,accesslog,attack,
    2019 Jul 05 13:55:58 vv->/var/log/nginx/access.log
    Rule: 31106 (level 6) -> ‘A web attack returned code 200 (success).’
    Src IP: 197.99.120.xxx
    197.99.120.xxx – – [05/Jul/2019:13:55:58 +0200] “GET /wp-json/wp/v2/block-renderer/block-lab/header?context=edit&attributes…

    …/wp-admin/post.php?post=59&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36”

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Ryan Kienstra

    (@ryankienstra)

    Thanks for bringing this up

    Hi @avsync,
    Wow, that must be frustrating seeing it reported as a web attack.

    1. It sounds like this is happening in the block editor, not on the front-end, right?

    https://cldup.com/n0xKzlvis4.png

    2. Could you try adding the Core WordPress blocks ‘Latest Comments’ and ‘Archives,’ and see if these also cause an OSSEC error?

    Those also use the ServerSideRender component, which uses the /wp-json/wp/v2/block-renderer/ endpoint that you mentioned.

    That might help to show if this is only related to WordPress Core.

    3. Also, if you could share the Block Lab template you’re using, that might help. The endpoint above essentially returns the markup of that template.

    • This reply was modified 5 years, 8 months ago by Ryan Kienstra.
    Plugin Author Ryan Kienstra

    (@ryankienstra)

    Marking As Resolved

    Hi @avsync,
    If it’s alright, I’m marking this as resolved.

    But feel free to respond to the points above, or continue this conversation.

    Thread Starter avsync

    (@avsync)

    Hi Ryan

    Thanks for the response.

    As is typical I haven’t made any changes since having the issue, but now that I attempt to re-create it, there are no issues at all using core blocks or the block lab block. It would appear that OSSEC was having a touchy day.

    The template I used was a modified copy of the one in your youtube vid:

    <div style=”background-color: rgba(255, 255, 255, .7); padding: 60px; border: 2px; border-radius: 4px; text-align: center; color: black; font-weight: 700; “>
    <h2><?php block_field( ‘title’ ); ?></h2>
    <p><?php block_field( ‘text’ ); ?></p>
    “><?php block_field( ‘button-text’ ); ?>
    </div>

    Plugin Author Ryan Kienstra

    (@ryankienstra)

    Hi @avsync,
    Thanks for copying the template, and it’s good to hear the issue didn’t appear a second time.

    Let me know if it comes up again, and have a great week.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Block seen as web attack’ is closed to new replies.