• Resolved Katie

    (@katiethecreative)


    In the log file appeared the following:
    POST /index.php – Code injection – [RAW:POST = ]
    Inside the bracket came a php line with a php echo but I can’t paste it here for some reason.
    I ran the NinjaScanner and it didn’t detect any suspicious files but I’m still worried.
    Side note: Is there a list of what the rules (that are applied in each case) mean, so that it’s easy to understand how NinjaFirewall reacted to attacks (to determine if there was no unauthorized breach)?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It was blocked: Everything labelled as CRITICAL, HIGH or MEDIUM means the threat was blocked.
    There’s no list of rules because they change very often, others are used to protect against unpatched vulnerabilities etc.
    In your case, it is about “code injection”. If you give me the rule ID, I could give you more info about it.

    Thread Starter Katie

    (@katiethecreative)

    Thank you very much!
    I was very much hoping you’d say that.
    The rule was 157.

    Please let me use the opportunity to thank you for the work you do and your amazing plugin. I recommend it whenever I have the chance!

    Plugin Author nintechnet

    (@nintechnet)

    The rule is about RAW PHP code injection, e.g., someone injected PHP code inside the POST payload (<?php some-code-here).
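
Added example, not part of the thread and not NinjaFirewall's rule 157 (its implementation is not shown here): one way to check a raw POST body for a PHP open tag, in Python. The function name, the limit of two percent-decoding rounds and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# PHP open tags: "<?php" followed by whitespace/end of data, or the short echo tag "<?=".
# "<?xml" (e.g. XML-RPC requests to WordPress) is deliberately not matched.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php(?=\s|$)|=)", re.IGNORECASE)
MAX_DECODE_ROUNDS = 2  # assumption: look through at most two layers of percent-encoding


def find_php_tags(raw_body: bytes):
    """Return [(decode_round, offset, snippet), ...] for PHP open tags in a raw POST body.

    decode_round 0 means the tag was present verbatim; 1 or 2 means it only
    appeared after that many rounds of form/percent decoding.
    """
    data = raw_body
    for round_no in range(MAX_DECODE_ROUNDS + 1):
        hits = [
            (round_no, m.start(), data[m.start():m.start() + 40].decode("latin-1"))
            for m in PHP_OPEN_TAG.finditer(data)
        ]
        if hits:
            return hits  # report the shallowest layer at which a tag is visible
        decoded = unquote_to_bytes(data.replace(b"+", b" "))
        if decoded == data:
            break  # nothing left to decode
        data = decoded
    return []


# Constructed sample request bodies (not taken from any real log).
SAMPLES = {
    "raw php": b'<?php echo "test"; ?>',
    "form login": b"log=admin&pwd=example&comment=hello+world",
    "encoded php": b"data=%3C%3Fphp+echo+1%3B",
    "double encoded": b"data=%253C%253Fphp%2520echo%25201%253B",
    "xml-rpc": b'<?xml version="1.0"?><methodCall></methodCall>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = find_php_tags(body)
        print(f"{name:15} -> {'FLAG' if hits else 'ok'} {hits}")
```
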

    Thread Starter Katie

    (@katiethecreative)

    Thank you very much!

    The level UPLOAD means blocked?

    Plugin Author nintechnet

    (@nintechnet)

    No, it means someone tried to upload a file. It doesn’t mean it was uploaded. Is there a line below it that shows it was blocked?
    Are you allowing or blocking uploads (Firewall Policies > Uploads)?

    Firewall Policies > Uploads is allowed. I try to set it as blocking.

  • The topic ‘Was the attack successfully blocked?’ is closed to new replies.