• Resolved utkuyilmaz1903

    (@utkuyilmaz1903)


    Hey everyone, I have an issue which is confusing my mind.

    My WordPress version is: 6.0.3

    Google crawl bots are being blocked by a default rule on my WordPress site.
    I did a reverse DNS lookup and a forward DNS lookup and I saw that the IP and hostname below belong to Google:

    IP: 66.249.74.38 Hostname: crawl-66-249-74-38.googlebot.com

    Page visited : /?constructor=dbdfe4

    But even though I did not apply any restrictions against ‘verified Google bots’, it got blocked by the rule below:

    blocked by firewall for WordPress Core < 5.9.2 & Gutenberg < 12.7.2 – Prototype Pollution in query string: constructor=dbdfe4

    Why, and will it affect anything?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @utkuyilmaz1903, thanks for getting in touch about this.

    It does seem like this is a legitimate Google bot as 66.249.74.32/27 (therefore including 66.249.74.38) is included in their JSON.

    I will attempt to get further context from our Threat Intelligence team if possible, but as your WordPress version exceeds the version that firewall rule is designed to protect I would suggest toggling its switch off in Wordfence > All Options > Advanced Firewall Options > Rules (after clicking Show All Rules). Searching the page for “WordPress Core < 5.9.2” after showing all rules will ensure you pick the correct one.

    Let us know if you observe any further issues or have any concerns after doing this.

    Many thanks,
    Peter.
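
    The two checks discussed above, the reverse-then-forward DNS lookup utkuyilmaz1903 ran and the published-range lookup wfpeter refers to, written out as an added example; this is not code from the thread or from Wordfence. The resolver stand-ins, the 203.0.113.9 address and the `verify_crawler_ip` / `ip_in_published_ranges` names are constructed for illustration; 66.249.74.38, its hostname and the 66.249.74.32/27 prefix come from the thread.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List

# Hostname suffixes Google publishes for its verified crawlers.
GOOGLEBOT_SUFFIXES = ("googlebot.com", "google.com")

def verify_crawler_ip(
    ip: str,
    suffixes: Iterable[str] = GOOGLEBOT_SUFFIXES,
    reverse: Callable[[str], str] = lambda a: socket.gethostbyaddr(a)[0],
    forward: Callable[[str], List[str]] = lambda h: socket.gethostbyname_ex(h)[2],
) -> bool:
    """Double-reverse DNS: the PTR name must end in an expected suffix AND
    must resolve forward to the same IP. A PTR record alone proves nothing,
    since whoever controls the address space can name it anything."""
    try:
        host = reverse(ip).rstrip(".").lower()
        if not any(host == s or host.endswith("." + s) for s in suffixes):
            return False
        return ip in forward(host)
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return False

def ip_in_published_ranges(ip: str, prefixes: Iterable[str]) -> bool:
    """Cheaper cross-check against the vendor's published CIDR list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)

# Constructed, offline stand-ins for DNS so the example runs without network.
FAKE_PTR = {"66.249.74.38": "crawl-66-249-74-38.googlebot.com",
            "203.0.113.9": "crawl-66-249-74-38.googlebot.com"}  # forged PTR
FAKE_FWD = {"crawl-66-249-74-38.googlebot.com": ["66.249.74.38"]}

def fake_reverse(ip: str) -> str:
    if ip not in FAKE_PTR:
        raise socket.herror(1, "no PTR record")
    return FAKE_PTR[ip]

def fake_forward(host: str) -> List[str]:
    if host not in FAKE_FWD:
        raise socket.gaierror(-2, "name not known")
    return FAKE_FWD[host]

if __name__ == "__main__":
    for ip in ("66.249.74.38", "203.0.113.9", "52.230.152.60"):
        print(ip, verify_crawler_ip(ip, reverse=fake_reverse, forward=fake_forward),
              ip_in_published_ranges(ip, ["66.249.74.32/27"]))
```

    Only the address whose PTR name also resolves back to itself passes; the forged-PTR address and the unrelated address both fail, which is why a single reverse lookup is not enough to whitelist a crawler.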

    Thread Starter utkuyilmaz1903

    (@utkuyilmaz1903)

    Thank you for reply @wfpeter !

    But I have another question in that case: for example, I got the same /?constructor=f2a7ee request from the IP ‘52.230.152.60’. If I turn it off, it’s probably going to be risky for me. The interesting point is that my WordPress version is not less than 5.9.2, but it’s still blocking with that reason.

    And when I check ‘52.230.152.60’ on dnslookup in MX, for example, I can clearly see that it belongs to Microsoft. What to do then?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @utkuyilmaz1903,

    I agree that it’s certainly a strange-looking query string for Google (or Microsoft etc.) to be crawling, so could point to that link being added to a website (or sites) somewhere and being picked up by the search engines. The good news is that the rule only applies to WordPress 5.9.2 or earlier so disabling it should solve the message and not cause additional problems for you. The Threat Intelligence team have now looked into it along with recent attack data for that rule and consider disabling in your case to be safe.

    Thanks again,
    Peter.
