• Resolved WebDev2.0

    (@socalkingg)


    I have a site running the free version of Wordfence. I recently got a blocked attack notification from a foreign IP that said the following:

    “Blocked for Kiwi Social Share <= 2.0.10 – Unauthenticated Read Any Option”

    I don’t have this plugin, and I’m pretty sure I never tried to install it. I asked my hosting company if they could locate folders for it in my directory, but they were not able to. After doing more research, I see that this version of the plugin is easy to exploit. I also had two failed login attempts on my admin account with the correct username. I am confused as to why my hosting provider wouldn’t be able to locate these plugin folders but Wordfence blocked an attack. Can you help point me in the right direction? I haven’t had this type of notification before.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @socalkingg,

    Currently Wordfence does not enforce rules based on the existence of plugins.

    What happened is that an attacker blindly assumed that you had Kiwi Social Share installed, and attempted to exploit that plugin. Wordfence, not checking if you have this plugin or not, blocked the attempted exploit anyways.

    Dave

    Feature: would perhaps save a lot of support work if you guys at WF included a squib like this with the attack notification: “Please note Wordfence logs all attacks, irregardless of the presence of specific plugins.” I got confused by this as well, took some head scratching to figure it out.

    Other than potential confusion, the way it works is genius, as it blocks bot attacks based on known attack patterns.

  • The topic ‘Blocked Attack on Plugin I don’t think I have installed’ is closed to new replies.