WordPress.org

Ready to get started?Download WordPress

Forums

NinjaFirewall (WP edition)
[resolved] getting blocked when editing a plugin (4 posts)

  1. Ovidiu
    Member
    Posted 1 year ago #

    within the firewall options I allowed file editing and set the option to prevent the admin from being blocked although if your plugin is only checking for a user named admin that won't work, since my admin username differs.

    Here is the log:

    28/Apr/13 10:28:33  #6242549  critical   155  41.150.64.194    POST /wp-admin/plugin-editor.php - Code Injection - [POST:newcontent = <?php%0d%0a/*%0d%0aPlugin Name: WP fail2ban%0d%0aPlugin URI: https://charles.lecklider.org/wor...]

    http://wordpress.org/extend/plugins/ninjafirewall/

  2. nintechnet
    Member
    Plugin Author

    Posted 1 year ago #

    The firewall relies on the user role (administrator), not on its name.

    Are you sure you have the correct permissions? That could also explain the wp_nonce_ays() error message you mentioned in that thread.

    If you want to see whether you are whitelisted or not while you are logged in, append a ?test=nullbyte%00 string to your WP index URL:

    http://www.your-blog.tld/wp-admin/index.php?test=nullbyte%00

  3. Ovidiu
    Member
    Posted 1 year ago #

    Thanks for your support!

    1. These two errors (nonce and being blocked) appeared on 2 different blogs.
    2. Appending that string to blog a) where ninjafirewall is active I am being blocked despite being an admin.

    Any other info I can supply you with?

  4. Ovidiu
    Member
    Posted 1 year ago #

    This might be a caching problem but not sure where it occurs as I have just tried again to access mydomain.tld/wp-admin/index.php?test=nullbyte%00 and this time I wasn't blocked.

    There is plenty of caching going on, first the DNS is going through Cloudflare which serves as a CDN and WAF too, then I'm running nginx + fastCGI and fastCGI_cache is being used as well as APC which has a system cache as well as user cache.

    SO I guess we can close this issue, I guess that this might have been a caching issue.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.