aporter

Hi,

Sorry another question are you able to tell me what the contents of the file wp-content/mu-plugins/aios-firewall-loader.php are?

Also can you tell me what is at the top of your wp-config.php file in the AIOS section?

E.g whats between:

// Begin AIOWPSEC Firewall

and

// End AIOWPSEC Firewall

Best Wishes,

Ashley

Hi,

Thank you for all that information.

I will try to reproduce and will update you when I know more.

Best Wishes,

Ashley

Hi,

Thanks, could you also let me know how you updated from 5.2.1 to 5.2.2?

Was it done via the WordPress plugin update UI, or did you update via another plugin something like MainWP? Or was it done via the command line?

Best Wishes,

Ashley

Hi,

We haven’t been able to reproduce this issue yet.

Would you be able to provide some more information:

1) how did you update the plugin (did you use a plugin, cli, the gui, etc..)

2) if the firewall is setup or not

3) php version and web server information

Best Wishes,

Ashley

Hi,

Can you explain what you mean by “connection logs”?

Are you talking about the “Audit log”, if so what version of the plugin are you on?

Best Wishes,

Ashley

Hi,

We haven’t been able to reproduce this issue and we have only had one other report.

Would you be able to provide some more information:

1) how did you update the plugin (did you use a plugin, cli, the gui, etc..)

2) if the firewall is setup or not

3) php version and web server information

Best Wishes,

Ashley

Hi,

We haven’t been able to reproduce this issue and we have only had one other report.

Would you be able to provide some more information:

1) how did you update the plugin (did you use a plugin, cli, the gui, etc..)

2) if the firewall is setup or not

3) php version and web server information

Best Wishes,

Ashley

Hi,

Sorry about the delay.

Could you provide a bit more information, are you seeing any error messages etc?

I’ll create a ticket to investigate this conflict, but I have a feeling it maybe something WP Staging needs to resolve.

Best Wishes,

Ashley

Hi,

Sorry about the delay.

That message indicates that your PHP installation is only allowed to run for 30 seconds and the scanner is trying to run longer than that.

You could ask your hosts if they could increase the Maximum execution time and then try and run the scan again.

Best Wishes,

Ashley

Hi,

You can add the following constant to your wp-config.php to disable the login lockout feature:

define(‘AIOS_DISABLE_LOGIN_LOCKOUT’, true);

Careful with copy and pasting the above sometimes the formatted gets messed up.

You should then be able to login and remove your IP from the list of blocked IPs.

Then you can set the above constant to false or remove it.

Best Wishes,

Ashley

Hi,

Sure I will add a ticket to our internal task tracker to see how best we can handle this.

For now I recommend the above, you could even use the filter to ignore failed login attempts for the username “mail”

Or you could start blocking them IP addresses (I understand theres a lot of them, but it should help reduce the logs)

Best Wishes,

Ashley

Hi All,

Thanks for the feedback and sorry this message wasn’t clear enough.

We are working to port all existing .htaccess rules that can be ported over to the PHP firewall.

We are also working on cleaning up the UI/UX.

Both these we have been doing in chunks with the aim to not introduce any problems.

The next release we will make sure the UI makes it clear what rules are in .htaccess and what ones are PHP based.

For those still confused on whats happened:

If you saw the notice it will have a list of the rules that have been converted from .htaccess to the PHP firewall and that have been disabled to avoid any unexpected lockouts

This means them rules will no longer be in your .htaccess file and that they are currently turned off

After you have verified that the rules are not going to cause you any problems, you can select the button on the notice that will turn them all back on.

@siriusmw the basic firewall still runs via .htaccess so that setting should have been unchanged.

The only settings that changed last release are:

completely block xmlrpc
bad query strings
block proxy comments
advanced character filter

So they are the only ones you need to turn back on (if you previously had them on, the notice will tell you what ones you did have).

If you still have any other questions just let me know.

Best Wishes,

Ashley

Hi,

Thanks for the report.

Looking into this now.

Best Wishes,

Ashley

Hi,

Are they all from the same IP address?

Do you recognise the IP or do you have any service that would be trying to login to your website with the username mail?

If not and assuming it’s from the same IP address every time you could block the IP.

You can then manually clean all the failed attempts using the bulk delete option on the audit table.

Best Wishes,

Ashley

Hi,

Yes because some rules are still done via .htaccess

We are in the process of converting all the .htaccess rules that can be converted into PHP based rules.

We are also in the process of moving around a lot of the UI options and part of this will be reworking the firewall admin menu.

Both of these tasks we are doing in parts and slowly to try and avoid introducing any issues.

Sorry for the confusion caused.

Best Wishes,

Ashley