Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

    Can you show me your HTTP log?

    You can also try the user enumeration yourself and see if it works:
    https://YOUR_WEBSITE/?author=1
    https://YOUR_WEBSITE/?author_name=admin

    You should be redirected to the homepage by NinjaFirewall.

    Thread Starter gagomap

    (@gagomap)

    This is log:

    5.178.68.242 0.017 BYPASS [27/Nov/2015:07:02:23 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "https://dautu365.com/?author=1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
    5.61.38.9 0.026 BYPASS [29/Nov/2015:05:13:19 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54u1 [en]"
    195.154.191.156 0.057 BYPASS [02/Dec/2015:14:38:02 +0700] dautu365.com "GET /?author=0 HTTP/1.0" 500 2973 "-" "-"
    5.178.68.242 0.017 BYPASS [27/Nov/2015:07:02:23 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "https://dautu365.com/?author=1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
    5.61.38.9 0.026 BYPASS [29/Nov/2015:05:13:19 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54u1 [en]"
    14.171.201.123 - BYPASS [30/Nov/2015:20:11:43 +0700] dautu365.com "GET /author/xxx HTTP/1.1" 301 178 "https://dautu365.com/wp-admin/admin.php?page=td_theme_panel" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
    195.154.191.156 0.057 BYPASS [02/Dec/2015:14:38:02 +0700] dautu365.com "GET /?author=0 HTTP/1.0" 500 2973 "-" "-"
    5.178.68.242 0.017 BYPASS [27/Nov/2015:07:02:23 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "https://dautu365.com/?author=1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"

    NF didn’t block them.

    Thread Starter gagomap

    (@gagomap)

    Newer Log:

    80.86.100.130 0.114 BYPASS [02/Dec/2015:20:47:02 +0700] dautu365.com "HEAD /?author=1&#034 HTTP/1.0" 500 0 "-" "WordPress/4.3.1; https://wordpressthemes.review"
    185.20.4.220 0.294 BYPASS [02/Dec/2015:20:47:21 +0700] dautu365.com "GET /?author=1 HTTP/1.1" 500 2985 "-" "Mozilla/5.0 (TweetmemeBot/4.0; +https://datasift.com/bot.html) Gecko/20100101 Firefox/31.0"
    54.151.42.39 0.179 BYPASS [02/Dec/2015:20:47:23 +0700] dautu365.com "HEAD /?author=1 HTTP/1.1" 500 0 "-" "Google-HTTP-Java-Client/1.17.0-rc (gzip)"
    54.151.42.39 0.238 BYPASS [02/Dec/2015:20:47:23 +0700] dautu365.com "HEAD /?author=1 HTTP/1.1" 500 0 "-" "Google-HTTP-Java-Client/1.17.0-rc (gzip)"

    NF did not catch them.

    If I try to access https://dautu365.com/?author=1 from my Firefox browser, I get an NFW “Forbidden” message.

    Thread Starter gagomap

    (@gagomap)

    Your security rules update has fixed it.
    Now NF can stop these hackers before fail2ban.
    Thank you
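
To check an access log for the two enumeration requests named in the first reply (`?author=` and `?author_name=`), a small scanner like the following can be used. It is an added example, not code from this thread or from NinjaFirewall; the field layout is inferred from the log lines posted above, and the sample lines are constructed with documentation IP addresses and `example.com`.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed field layout, inferred from the lines posted in this thread:
# ip, request time, cache status, [timestamp], host, "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] (?P<host>\S+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = '''\
203.0.113.10 0.017 BYPASS [27/Nov/2015:07:02:23 +0700] example.com "GET /?author=1 HTTP/1.1" 500 2985 "-" "Mozilla/5.0"
203.0.113.10 0.020 BYPASS [27/Nov/2015:07:02:24 +0700] example.com "GET /?author=2 HTTP/1.1" 500 2985 "-" "Mozilla/5.0"
198.51.100.7 0.114 BYPASS [02/Dec/2015:20:47:02 +0700] example.com "HEAD /?author=1&#034 HTTP/1.0" 500 0 "-" "ExampleBot/1.0"
198.51.100.8 0.030 BYPASS [02/Dec/2015:20:48:00 +0700] example.com "GET /?author_name=admin HTTP/1.1" 302 0 "-" "curl/7.0"
192.0.2.5 - BYPASS [30/Nov/2015:20:11:43 +0700] example.com "GET /?s=author HTTP/1.1" 200 178 "-" "Mozilla/5.0"
'''.splitlines()

def enumeration_kind(target):
    """Return which user-enumeration pattern a request target matches, or None."""
    # Parse the query string so a search such as /?s=author is not a false hit.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "author" in query:
        return "author-id"
    if "author_name" in query:
        return "author-name"
    return None

def scan(lines):
    """Return (hits, per_ip): matching requests and a probe count per client IP."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        kind = enumeration_kind(m["target"])
        if kind:
            hits.append((m["ip"], m["method"], kind, int(m["status"])))
            per_ip[m["ip"]] += 1
    return hits, per_ip

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE_LOG)
    for ip, method, kind, status in hits:
        print(ip, method, kind, status)
    print(per_ip.most_common())
```

The recorded status code shows how each request was answered, which is what tells a blocked request apart from one that reached WordPress.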

  • The topic ‘NF can't stop WP user enumeration’ is closed to new replies.