Help deciphering Mailpoet-related firewall log entries

  • Resolved tfolkman

    (@tfolkman)


    9 years, 5 months ago

    My WAF log (WP Ninja Firewall) showed the following entries, and I am trying to figure out if they are a blocked attack or if my firewall is blocking legitimate Mailpoet behavior. I’ve redacted the IP address. Thanks!

    30/Jun/15 12:03:31 #4892300 critical 204 [IP ADDRESS] POST /index.php – SQL injection (equal operator) – [GET:email_id = 196′ or 1=’0=A and ‘1’=’1]
    30/Jun/15 12:03:34 #6266680 critical 204 [IP ADDRESS] POST /index.php – SQL injection (equal operator) – [GET:user_id = 67′ or 1=’0=A and ‘1’=’1]
    30/Jun/15 12:03:35 #7513396 critical 204 [IP ADDRESS] POST /index.php – SQL injection (equal operator) – [GET:urlpassed = aHR0cDovL3d3dy5oY2NoLm5ldC9pbmRleF9lbi5waHA/YWN0PWNvbnZlbnRpb25zLnRleHQmYW1wO2NpZD0xNw==’ or 1=’0=A and ‘1’=’1]
    30/Jun/15 12:03:36 #5651389 critical 204 [IP ADDRESS] POST /index.php – SQL injection (equal operator) – [GET:controller = stats’ or 1=’0=A and ‘1’=’1]

    https://www.ads-software.com/plugins/wysija-newsletters/

Viewing 2 replies - 1 through 2 (of 2 total)

  • Oh yeah, check the “GET:controller = stats’ or 1=’0=A and ‘1’=’1” on your log.
    That, is someone trying to break into your website by doing SQL injections on MailPoet links. You’re safe on that aspect.

    Thread Starter tfolkman

    (@tfolkman)

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Help deciphering Mailpoet-related firewall log entries’ is closed to new replies.