kcwebguy

I just now went in to try a different post and it succeeded. Which is great!

I will reach out to you again in the event I have another Instagram Posting Failure.

Thanks!

I am brand new to your plugin. I have a very simple and short message and an image that I’m posting to Instagram and I got the same error. No hashtags or anything.

What is the situation and how do I resolve it?

No results returned for me… this just started after updating to latest WP

Is there a status on the fix for 1.4.8 yet?

I had an error in the .htninja file. Fixing that resolved the 500 Error issue.

Thanks for the help on this.

I cannot say enough how powerful this plugin is as an Application Firewall for WordPress sites. I continue to be a huge fan of you guys.

Thanks again!

Ok… so yes, my server is using HTTP_X_FORWARDED_FOR to pass the Real IP.

How do I tell Ninja to use that HTTP_X_FORWARDED_FOR value instead of the server value?

I want to be able to see what the Real IP’s are in the logs.

Here is the most recent log data. All real values have been changed to protect my information. In this case IP 1.2.3.4 is my server public ip, which is what nginx is reporting back to the plugin.

DATE INCIDENT LEVEL RULE IP REQUEST
03/Jul/18 19:52:41 #7980318 HIGH – 1.2.3.4 GET /xmlrpc.php – Unauthorized REQUEST_METHOD to the XMLRPC API – [REQUEST_METHOD: GET] – https://www.domain.com
14/Jul/18 10:43:02 #3114722 HIGH – 1.2.3.4 GET /xmlrpc.php – Unauthorized REQUEST_METHOD to the XMLRPC API – [REQUEST_METHOD: GET] – domain.com
15/Jul/18 10:14:18 #1850891 HIGH – 1.2.3.4 GET /xmlrpc.php – Unauthorized REQUEST_METHOD to the XMLRPC API – [REQUEST_METHOD: GET] – domain.com
15/Jul/18 12:14:11 #4637280 INFO – 1.2.3.4 GET /wp-admin/admin-ajax.php – Access to a script modified/created less than 24 hour(s) ago – [/home/username/public_html/wp-admin/admin-ajax.php] – https://www.domain.com
15/Jul/18 13:20:46 #6164126 INFO – 1.2.3.4 GET /wp-login.php – Access to a script modified/created less than 24 hour(s) ago – [/home/username/public_html/wp-login.php] – https://www.domain.com
15/Jul/18 16:31:01 #5950886 CRITICAL – 1.2.3.4 POST /wp-admin/admin-ajax.php – Blocked file upload attempt – [revslider.zip (191,590 bytes)] – https://www.domain.com
15/Jul/18 16:31:12 #3322533 CRITICAL 3 1.2.3.4 GET /index.php – Local file inclusion – [GET:file_link = /etc/passwd] – https://www.domain.com
15/Jul/18 16:31:12 #2954708 CRITICAL 3 1.2.3.4 GET /index.php – Local file inclusion – [GET:url = /etc/passwd] – https://www.domain.com
15/Jul/18 16:31:12 #4193305 CRITICAL 3 1.2.3.4 GET /index.php – Local file inclusion – [GET:filepath = /etc/passwd] – https://www.domain.com
15/Jul/18 16:31:12 #1545195 CRITICAL 1 1.2.3.4 GET /index.php – Directory traversal – [GET:fileName = ../../../../../../../../../../etc/passwd] – https://www.domain.com
15/Jul/18 16:31:12 #1192274 CRITICAL 1 1.2.3.4 GET /index.php – Directory traversal – [GET:filename = ../../../../../../../../../etc/passwd] – https://www.domain.com
15/Jul/18 16:31:12 #8904210 CRITICAL – 1.2.3.4 POST /index.php – Blocked file upload attempt – [ZJohnYNB.php (267,374 bytes)] – https://www.domain.com
15/Jul/18 16:31:13 #3345962 CRITICAL 1369 1.2.3.4 POST /index.php – Remote command execution – [POST:execute = wp_insert_user] – https://www.domain.com
15/Jul/18 17:44:56 #3691827 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author_name=user1] – https://www.domain.com
15/Jul/18 22:26:44 #2705200 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author=1] – https://www.domain.com
15/Jul/18 22:30:11 #1606203 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author_name=user2] – https://www.domain.com
15/Jul/18 22:30:13 #1030947 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author_name=user3] – https://www.domain.com
15/Jul/18 22:30:14 #8934174 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author_name=user1] – https://www.domain.com
15/Jul/18 22:30:16 #5272196 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author_name=user4] – https://www.domain.com
16/Jul/18 03:26:35 #6725757 HIGH – 1.2.3.4 GET /index.php – User enumeration scan (author archives) – [author=1] – https://www.domain.com
16/Jul/18 03:26:35 #4231738 HIGH – 1.2.3.4 POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php] – https://www.domain.com

I have moved the .htninja into the site root, the same directory as wp-config.php, and still get 500 errors when the file is in place.

Please advise what I need to do to have real ip’s show in the log and what to do to ensure that necessary server processes are not being blocked.

Thank you very much for this. You have an amazing plugin. After trying so many other alternatives, yours is the one that I’m sticking with. Very powerful and very good at protecting sites.

Thanks so much!

• This reply was modified 6 years, 9 months ago by kcwebguy.

Yup… that is what I discovered.

Thanks for the follow up. Great product!

I switched to the user.ini option and was able to get the Full WAF Mode to load.

Correction in htaccess suphp : suphp_configpath /home/username/public_html

I thought that was the case.

Thanks for your quick reply!

Thank you very much.

Great support as always!

Got it. Thanks

When will the fixes for this issue be released to wordpress for automatic updates?