Shortpixel possible blocked by ninfa firewall

  • Resolved mw66

    (@mw66)


    2 years ago

    Hi there,

    yesterday i received a message from shortpixel saying:

    We noticed that over 50 URLs from XXXXX were not accessible to our Image Optimization Cloud ??

    Please find below some examples:

    the examples …

    Common reasons for this kind of issue:
    – files do not actually exist on disk or at least some thumbnail versions are missing. 
    – files aren’t accessible to our image optimization cloud due to some firewall restrictions. Make sure you whitelist these IPs:

      176.9.40.54
      176.9.106.100
      176.9.21.94

    – your site is password protected and you haven’t added the right AUTH user&password to ShortPixel plugin settings.
    – your site is hosted on a localhost installation. Read more about it here.

    You may also find other possible causes in our?knowledge base.

    We moved the site a day before from staging to live, installed Ninja Firewall (wich is fantastic ?? and since then the error seems to occour.

    I have checked the other suggested solutions and none of them seem to work or apply.

    Maybe i need to disable a security rule for cross-site-scripting, but i have no clue wich one.

    Could you please help?

    Thanks in advance,

    Martin

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter mw66

    (@mw66)

    Sorry, typing error in the Link.

    This is the correct one:

    https://www.verwertungspark.de

    Plugin Author nintechnet

    (@nintechnet)

    Can you check in the firewall log (NinjaFirewall > Logs) why it blocked those requests? Search for “176.9.*” IP addresses in the log
    You can paste here the corresponding lines.

    Thread Starter mw66

    (@mw66)

    Thanks for your answer. These are the latest request that where blocked:

    10/Mar/23 23:20:02 #4766886 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:02 #7567526 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:02 #6475369 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:02 #7830073 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #8197126 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #7941973 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #3494948 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #2317944 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #7613666 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #5423075 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #5745033 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #3307992 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:03 #2283189 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #4753446 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #8135522 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #1167161 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #2451418 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #8478958 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #7643007 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #8953568 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:04 #8224176 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #5700139 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #2721825 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #7004478 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #3135775 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #3977894 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #8125622 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #4025097 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #6070463 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de
    10/Mar/23 23:20:05 #5978190 CRITICAL 157 100.26.141.199 POST /index.php - Code injection - [RAW:POST = ] - verwertungspark.de

    And these are the earliest:

    07/Mar/23 09:46:38  #5596780  CRITICAL   114  193.26.15.1      GET /index.php - Cross-site scripting - [SERVER:QUERY_STRING = id=%3Cscript%3E] - www.verwertungspark.de
07/Mar/23 10:30:16  #6987124  CRITICAL   114  193.26.15.1      GET /index.php - Cross-site scripting - [SERVER:QUERY_STRING = id=%3Cscript%3E] - www.verwertungspark.de
07/Mar/23 11:30:23  #7138914  CRITICAL   114  193.26.15.1      GET /index.php - Cross-site scripting - [SERVER:QUERY_STRING = id=%3Cscript%3E] - www.verwertungspark.de
07/Mar/23 12:30:30  #5538257  CRITICAL   114  193.26.15.1      GET /index.php - Cross-site scripting - [SERVER:QUERY_STRING = id=%3Cscript%3E] - www.verwertungspark.de

    There are no such strting with “176.9”. Does this help anyway?

    Thanks in advance,

    Martin

    Plugin Author nintechnet

    (@nintechnet)

    The problem is those IP addresses found in the firewall’ log do not match the ones given to you by Shortpixel. In your first message you mentioned that their IP were:
    176.9.40.54
    176.9.106.100
    176.9.21.94

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Shortpixel possible blocked by ninfa firewall’ is closed to new replies.