WF failed to block according to rule

  • Resolved wjwc

    (@wjwc)


    9 years ago

    I realized a few times WF fails to block according to rule set.

    Once in a while these will slip past the security.

    Support, what do you think?

    https://prnt.sc/aaityv

    shrunk the page to display what this ip did https://prnt.sc/aaiw2s thats not even the full page yet.

    So this rule https://prntscr.com/aaiuve means that a guy can just set his hacking attempt timeout to 5.01 minutes and still get to do this all day long forever, because the least WF can do is 5 minutes. And I thought it should be smart enough to know that it should be “AND OR” rule. If a person exceed 3 times, block it, regardless of timeframe. It can be a year, 10 years, doesn’t matter.

    https://www.ads-software.com/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter wjwc

    (@wjwc)

    See this?

    I have a redirection plugin that catches 404 errors. This is what was produced. https://prnt.sc/aajh7r

    And my setting was https://prnt.sc/aajhjx

    Explain to me how this ip managed to escape being caught? Simple, he used my domain as referrer. Now tell me how do I block such a smart hacker?

    So yes, 2 things.

    1. Any hacker can get around the block by setting timeout to more than 5 minutes.

    2. They also can bypass the block by setting my domain as referrer.

    Thread Starter wjwc

    (@wjwc)

    And one more.

    I set it to block a url where someone is stupid enough to set up amazon health check on my website for god knows what reason.

    https://prnt.sc/aajmu0

    And this was my option. https://prnt.sc/aajmws

    It completely failed to recognize the blacklisted url and none of it was blocked!

    WF team. Wake up. The more i dig the more i found how ridiculous your plugin is.

    1. Any hacker can get around the block by setting timeout to more than 5 minutes.

    2. They also can bypass the block by setting my domain as referrer.

    3. It failed to block IP in my blacklist URL.

    Thread Starter wjwc

    (@wjwc)

    Bump.

    Plugin Author Wordfence Security

    (@mmaunder)

    You’ve misunderstood how the option”Count failures over what time period” works. Please see:

    https://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period

    Your redirection question isn’t clear. It sounds like there’s a conflict with your redirection plugin. Also you have the limit on 404 errors set to unlimited and yet you seem to expect them to be caught.

    My guess is that for the blacklisted URL (and possibly the redirect issue) you’re processing those outside of WordPress. Unless the request is handled by WordPress, Wordfence doesn’t get involved.

    Regards,

    Mark.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WF failed to block according to rule’ is closed to new replies.