Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Paul Fischer

    (@paulfischer)

    WP: 5.5.3
    PHP: 7.3
    *********************************
    Ninja Firewall

    Firewall Enabled
    Mode NinjaFirewall is running in Full WAF mode.
    Edition WP Edition ~ Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition)
    Version 4.2.6 ~ Security rules: 2020-10-29.1
    PHP SAPI CGI-FCGI ~ 7.3.12

    **********************************
    Ninja Scanner

    Advanced Users Settings

    File integrity checker
    x Always verify NinjaScanner’s files integrity before starting a scan.
    x Compare WordPress core files to their original package.
    x Compare plugin files to their original package.
    x Compare theme files to their original package.

    By default, only themes and plugins available in the www.ads-software.com repo can be checked that way. If you want to include premium plugins or themes too, consult our blog.

    File snapshot x Report files that were changed, added or deleted since last scan.

    Database snapshot x Report pages and posts that were changed, added or deleted in the database since last scan.

    Anti-malware signatures x Linux Malware Detect + NinjaScanner

    Google Safe Browsing Test API Key: Your API Key is valid

    Files and folders x Do not follow symbolic links.
    x Warn if symbolic links.

    x Warn if hidden PHP scripts.
    x Warn if unreadable files or folders.

    Scanning process x Fork process using WordPress built-in Ajax Process Execution.
    [NB using WP-CRON fails on initialising]

    Scan report Display report: x On one page.
    Row action links: x Show when hover on row.
    Number of visible rows in table: 6 rows
    File names: x Show absolute path.
    x Highlight syntax when viewing a file.

    Nerds Settings

    File integrity checksum x Use SHA-1.

    Debugging x Show the “Log” tab.
    Sandbox x Enable the quarantine sandbox.

    Run the garbage collector NEVER

    Thread Starter Paul Fischer

    (@paulfischer)

    The rule is working.
    From today's Firewall Log, only one batch:

    31/Aug/20 08:01:29 #2518737 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://009consultants.com/cdzn/6lzjt.php?vkjwjq=battlefront-2-error-code-1756]
    31/Aug/20 08:01:31 #3858922 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://0800construction.com/pnjgwyu/83udg8l.php?cqlafctzk=freedom-homes]
    31/Aug/20 08:01:33 #6266734 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://100ctr.com/izpwx7u/815rmrz.php?jrhihldjp=red-canoe-nasa-bag]
    31/Aug/20 08:01:34 #4575957 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://100ctr.com/zqdfr2p/0yjysga.php?hpbzohikt=katar-of-quaking-quest-ragnarok-mobile]
    31/Aug/20 08:01:42 #3859118 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://111posters.com/loggers/a7og/7jne9.php?qphxlu=moonlight-characters]
    31/Aug/20 08:01:43 #4880026 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://162.243.xxx.xxx/wp-content/uploads/2018/05/qcdqwuc/3n5tpft.php?hgeftlcgm=dazn-blocking-vpn]
    31/Aug/20 08:01:45 #8449109 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://2be-up.com/tor4sjq/2cultuh.php?sgahfggzm=lo-fi-jazz-samples]
    31/Aug/20 08:01:46 #6052723 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://aahi.co.uk/acu8/6xkxv.php?ldslhr=texas-bombers-softball-10u]
    31/Aug/20 08:01:48 #4156489 HIGH 323 92.220.xxx.xxx GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://semplice.optart.biz/fkqyji0/jg5s57z.php?hkvkasbre=toyota-crawler-forums]

    Thanks again.

    Thread Starter Paul Fischer

    (@paulfischer)

    Many thanks.

    Thread Starter Paul Fischer

    (@paulfischer)

    I’m blocking most of the IPs. Not all batches have MJ12Bot.com – it was just the batch I listed.
    Some of the IP addresses come back as

    an unknown host on AS25513 PJSC Moscow city telephone network
    an unknown host on AS42313 Albtelecom Sh.a.
    an unknown host on AS8560 1&1 IONOS SE
    an unknown host on asvmi221909.contaboserver.net

    But then around the same times as the “GET /%EF%BB%BF”, I’ve also had logged on the Firewall from the same IPs (I’ve GDPR’d the IPs):

    29/Aug/20 01:22:50 #2597862 HIGH – 194.135.xxx.xxx POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php]

    29/Aug/20 04:46:55 #6739251 HIGH – 79.106.xxx.xxx POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php]

    29/Aug/20 05:33:51 #1176163 HIGH – 51.15.xxx.xxx POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php]

    29/Aug/20 10:08:17 #7238198 CRITICAL 1429 212.227.xxx.xxx GET /index.php – WP backdoor plugin – [SERVER:REQUEST_URI = /wp-content/plugins/ioptimization/IOptimize.php?rchk]

    I have set the HTTP error return as 503, with Block any access to the API set.

    Hence the original question, as it looks like part of the same batch of probing/attack vectors from the same operator(s).

    • This reply was modified 4 years, 2 months ago by Paul Fischer.
    • This reply was modified 4 years, 2 months ago by Paul Fischer.
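The log entries in this reply and in the later batch of "Proxy attempt" lines share one layout: date, time, event id, severity, rule number (or a dash when there is none), source IP, method, path, a description, and a bracketed detail field. In the proxy attempts the REQUEST_URI begins with `%EF%BB%BF`, the percent-encoded UTF-8 byte order mark, followed by a complete `https://` URL, which is what NinjaFirewall flags. The Python below is an added example, not part of this thread and not NinjaFirewall's own code: it parses that layout, decodes the URI to detect BOM-prefixed absolute URLs, and groups events by source IP so that addresses that also show XML-RPC or backdoor-probe events (the "same operator" observation above) stand out. The sample lines, IPs and hostnames are constructed to match the format shown in the thread.

```python
"""Parse NinjaFirewall log lines and correlate events per source IP.

Added example, not NinjaFirewall's own code. Assumes the line layout
shown in the forum post. The sample lines below are constructed; the
IPs are documentation ranges and the hostnames are placeholders.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

UTF8_BOM = b"\xef\xbb\xbf"

# NinjaFirewall prints an en dash as the field separator; accept an ASCII
# hyphen as well in case the log was re-encoded.
DASH = "[-\u2013]"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\w{3}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"#(?P<event_id>\d+) (?P<level>[A-Z]+) (?P<rule>\d+|" + DASH + r") "
    r"(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) " + DASH + r" "
    r"(?P<desc>.*?) " + DASH + r" \[(?P<detail>.*)\]$"
)
REQUEST_URI_PREFIX = "SERVER:REQUEST_URI = "

# Constructed sample in the layout of the thread's log lines.
SAMPLE_LOG = """\
31/Aug/20 08:01:29 #2518737 HIGH 323 192.0.2.10 GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://spam-target.example/a/b.php?q=x]
31/Aug/20 08:01:31 #3858922 HIGH 323 192.0.2.10 GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttps://another.example/c.php?k=v]
29/Aug/20 01:22:50 #2597862 HIGH – 198.51.100.7 POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php]
29/Aug/20 10:08:17 #7238198 CRITICAL 1429 198.51.100.7 GET /index.php – WP backdoor plugin – [SERVER:REQUEST_URI = /wp-content/plugins/ioptimization/IOptimize.php?rchk]
29/Aug/20 10:09:00 #7238300 HIGH 323 198.51.100.7 GET /index.php – Proxy attempt – [SERVER:REQUEST_URI = /%EF%BB%BFhttp://third.example/x.php]
"""


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"]) if rec["rule"].isdigit() else None
    # The detail field is either "SERVER:REQUEST_URI = <uri>" or a bare path.
    detail = rec["detail"]
    if detail.startswith(REQUEST_URI_PREFIX):
        rec["request_uri"] = detail[len(REQUEST_URI_PREFIX):]
    else:
        rec["request_uri"] = detail
    return rec


def classify_uri(uri):
    """Decode the percent-encoded URI and report whether it is a BOM-prefixed absolute URL."""
    raw = unquote_to_bytes(uri.lstrip("/"))
    has_bom = raw.startswith(UTF8_BOM)
    body = raw[len(UTF8_BOM):] if has_bom else raw
    absolute = body.lower().startswith((b"http://", b"https://"))
    target_host = None
    if absolute:
        # The proxied host is whatever follows the scheme up to the first '/' or '?'.
        after_scheme = body.split(b"://", 1)[1]
        target_host = re.split(rb"[/?]", after_scheme, maxsplit=1)[0].decode("ascii", "replace")
    return {"bom_prefixed": has_bom, "absolute_url": absolute, "target_host": target_host}


def correlate_by_ip(lines):
    """Group parsed events by source IP and summarise what each address did."""
    per_ip = defaultdict(lambda: {"events": 0, "categories": set(), "levels": set(), "proxy_targets": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = per_ip[rec["ip"]]
        entry["events"] += 1
        entry["categories"].add(rec["desc"])
        entry["levels"].add(rec["level"])
        info = classify_uri(rec["request_uri"])
        if info["bom_prefixed"] and info["absolute_url"]:
            entry["proxy_targets"].add(info["target_host"])
    return dict(per_ip)


def multi_vector_ips(per_ip):
    """IPs that produced more than one kind of event, e.g. proxy attempts plus XML-RPC or backdoor probes."""
    return sorted(ip for ip, entry in per_ip.items() if len(entry["categories"]) > 1)


if __name__ == "__main__":
    summary = correlate_by_ip(SAMPLE_LOG.splitlines())
    for ip, entry in summary.items():
        print(ip, entry["events"], sorted(entry["categories"]), sorted(entry["proxy_targets"]))
    print("multi-vector IPs:", multi_vector_ips(summary))
```

Running this on a real NinjaFirewall log export gives a per-IP view: the `proxy_targets` set lists the hosts the BOM-prefixed requests were trying to reach through the site, and `multi_vector_ips` returns the addresses worth blocking first because they combined proxy attempts with XML-RPC posts or plugin-backdoor probes.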