PSA: Beware | Nitro-Webhook-Agent

  • Resolved generosus

    (@generosus)


    8 months, 2 weeks ago

    *** Public Service Announcement ***

    Issue:

    After complete removal of the plugin, NitroPack, the servers and/or IPs associated with NitroPack continue to ping or scrape websites for information via the user agent: Nitro-Webhook-Agent.

    Attacking IPs:

    46.101.77.196
    159.65.180.53
    178.62.81.205

    Click here for more information.

    Recommendations:

    1. Requesting Team SiteGround investigate in more detail this finding for comments and/or update their WAF rules for additional user protection.
    2. Until the issue is solved (permanently) by the developers of NitroPack, highly recommend blocking the above IPs and User Agent via Security Optimizer and/or CDN (via WAF rule).

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support daniellaivanova

    (@daniellaivanova)

    Hello @generosus,

    Thank you for your detailed information. Blocking NitroPack’s IP addresses or User Agent might not be a good idea, because we have many clients using their plugin and it might interfere with its proper work.

    I would recommend you to consider blocking their IPs from your SiteGround Client Area > Site Tools > Security > Blocked Traffic until the issue is resolved on their end.

    Best regards,
    Daniela Ivanova

    Thread Starter generosus

    (@generosus)

    Hi @daniellaivanova,

    Thank you for your feedback.

    Yes, the above recommendations apply only if the NitroPack plugin has been used in the past and is no longer needed.

    Cheers!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘PSA: Beware | Nitro-Webhook-Agent’ is closed to new replies.