Vaultpress blocked for SQL injection

Viewing 10 replies - 1 through 10 (of 10 total)

  • Hi krko,
    You can go to (Wordfence > Live Traffic) and Filter traffic with “Blocked by Firewall” then you should be able to see any request that got blocked by Firwewall there, also you can click on “Whitelist param from Firewall” button to whitelist any specific action.

    Another way is to choose “Learning Mode” for “Firewall Status” under (Wordfence > Firewall) then try performing the same action you were doing with Vaultpress and the Firewall will learn to whitelist this action in the future, after that you can revert the Firewall Status back to “Enabled and Protecting”.

    Thanks.

    Sorry to pull up an old thread, but Wordfence has been blocking Vaultpress on my install too, for XSS:

    Ashburn, United States was blocked by firewall for XSS: Cross Site Scripting in POST body: path=%2Fwordpress-seo-premium%2Fadmin%2Fonpage%2Fclass-onpage-request.php at https://www.btr-fabrications.com/wp-load.php?vaultpress=true&action=plugins%3Astat&doing_wp_cron=&wp-admin=&vector=1485521529.2725
    27/01/2017 12:52:09 (20 minutes ago) IP: 192.x.x.x [block] Hostname: jobs7.misc.dca.vaultpress.com
    Browser: undefined
    Automattic/VaultPress/0.1

    Any ideas what’s going on? Should I be worried, or do I just need to whitelist the Vaultpress IP?

    Thanks

    Hi @btrfabrications
    If you recognise this request then you can safely whitelist it as mentioned in my previous reply, sometimes requests like this one got blocked as false positive by the firewall.

    Thanks.

    Thanks wflaa, will do.

    Hi @wflaa

    Wordfence is continuing to block other IPs used by Vaultpress. I’m whitelisting them as they appear, and have asked Vaultpress to provide the range of IPs I should whitelist to prevent them from being blocked.

    It seems strange to me that this would be an issue though – is there something that could be adjusted or fixed from your end?

    Thanks

    Just to correct some information, Wordfence only blocks this request not the IP address, of course whitelisting Vaultpress IP ranges can work as a treat in this case.

    And you are right, I can see we have a similar case report (internal reference number: #FB3087) which should address this issue in the future.

    Thanks.

    Thanks @wfalaa. Good that you’re already working on a fix.

    Cleanforest.co

    (@noamcleanforestsolutionscom)

    Hi @wfalaa, I am still seeing this issue on Wordfence 6.3.8 and Vaultpress 1.8.9.
    Any update on #FB3087?

    Thank you!

    Cleanforest.co

    (@noamcleanforestsolutionscom)

    Related: WordPress VaultPress plugin version 1.8.4 suffers from a remote code execution via man-in-the-middle attack vulnerability. The exploit can be triggered using the following request:
    POST /wp-load.php?vaultpress=true&action=exec HTTP/1.1

    https://packetstormsecurity.com/files/141422/wpvaultpress184-exec.txt

    Hi CFC,
    I’m sorry but I don’t have ETA regarding “#FB3087” case, however, I have updated the case with your input in this thread.

    After checking the “VaultPress Changelog“, seems like this vulnerability you mentioned has been already fixed since version 1.8.7.

    Thanks.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Vaultpress blocked for SQL injection’ is closed to new replies.