drgonzo3000

It was possibly installed when the site was originally created and testing out payment plugins, but I don’t specifically remember what all plugins we tested.

Regardless I never authorized Jetpack to connect to my site to harvest data through a different plugin that has zero mention of it also installing a Jetpack sniffer to harvest data from my site. Then years later after the original plugin was uninstalled, jetpack has still continually tried to make a connection to my site. Jetpack is basically spyware at that point as it installed itself without direct authorization, generated the necessary auth tokens to allow access to rest endpoints it created and then never unregistered itself when the plugin was removed.

I thank you for unregistering my site, but I have already blocked the entire WordPress CIDR block at the firewall to ensure it stops.

WooCommerce Payments is not a plugin I have installed, I use a Paypal plugin to process payments.

Jetpack functionality in the storefront theme is only loaded if Jetpack is installed. So the class-storefront-jetpack.php should never be loading on my site. https://github.com/search?q=repo%3Awoocommerce%2Fstorefront++jetpack&type=code

Also, these are inbound requests from WordPress servers not outbound requests from something embedded in my instance. So the question still stands, why is Jetpack trying to gather data from my site?

It’s attempting to hit an endpoint that doesn’t exist and using a token and hash so I assume it’s trying to authenticate.
?rest_route=/jetpack/v4/connection/data&_for=jetpack

That feature request you linked to has been open now for 4 years, with the Highest voted requests opened for even longer. So that feature request portal is nothing more than a black hole used by Project Managers to ignore community feedback. Now you know why your plugins have horrible ratings.

I need a way to filter out the statuscake and uptimerobot checks from the live logs, currently 90% of my live logs are nothing but the same requests from those checks which makes it near impossible to see anything else going on in the logs. Since those items are on the allowlist I would figure there would be some option to exclude them from the live logs just as I can do with my own IP address. Adding Statuscake IP’s to the ignore is not feasible as they have way too many from their various global nodes.

4 weeks now and zero update on this bug.

Glad I didn’t waste my money on this plugin.

Adding an exception to ModSecuity is not really a solution, it’s a workaround that could expose a security risk. @wfpeter needs to find out why Wordfence is triggering the security rule to begin with and correct the problem.

I did some testing by removing blocks from the .htaccess file to see if anything added there was causing the redirect. After removing every single line, including the default WP code to handle the url rewrite rules I found that the all options link now goes to a 404 page. Only this link does that. all of the other links in the WF sidebar work.

I also flushed out the bannerURLs in the wp_wfconfig table to ensure none of the entries I added in there were actually causing an issue. Corrected nothing.

@wfpeter Diagnostic report has been sent.’

WF is installed at the network level, not on an subsite. Was installed through the normal WP plugin page not manually installed.

• This reply was modified 1 year, 2 months ago by drgonzo3000.

I have also just found an issue with the allowlist services, I have Statuscake and Uptime robot selected, but one of the Statuscake nodes checks is being blocked as I have a hostname block for AWS.

Activity Detail
 Stockholm, Sweden was blocked for UA/Hostname/Referrer/IP Range not allowed at /
12/20/2023 9:50:59 AM (7 minutes ago)  
IP: 13.48.110.214 Hostname: ec2-13-48-110-214.eu-north-1.compute.amazonaws.com
Human/Bot: Bot
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/98 Safari/537.4 (StatusCake)

My hostname block rule is set to – Hostname - *amazonaws.com

Hi Mark,

The IP address is my IP as I want to filter out that traffic from the live logs, My ip is showing as all the same in the live logs. Not going to post my IP here but it is the correct ip address. Not filtering on username as I have bots trying to brute force login and I need to see those entries where they attempt to use my username.

Monitoring filtering is done using the monitors browser user-agent, which has to be done as the monitoring runs from various nodes around the world, but they all use the same identifies in the user-agent.

Uptime-robot uses- Mozilla/5.0+(compatible; UptimeRobot/2.0; https://www.uptimerobot.com/)
StatusCake uses – Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/98 Safari/537.4 (StatusCake)

I have the browser user agent filter set as:

"*UptimeRobot/2.0*", "*(StatusCake)*"

This is assuming it is string based comma separated filtering and that wildcarding is allowed. Your documentation does not list acceptable formats or give examples for any of this so I based it on standard wildcard string practice.

My monitoring runs every 5 mins form multiple nodes on both systems, so live logs are flooded with those status checks and I can’t seem to get them filtered out.