Forums

WordPress › Support » Plugins and Hacks

Mute Screamer
What's the purpose of this plugin? (5 posts)

  1. energymover
    Member
    Posted 1 year ago #

    Hi,

    Okay, I get that it alerts you, but as far as I can tell it does nothing. I keep getting the same attacks from the same IP's. So I looked in the database, but I don't see any database where you store IP's of offenders.

    Thanks,
    Paul

    http://wordpress.org/extend/plugins/mute-screamer/

  2. energymover
    Member
    Posted 1 year ago #

    Also, a very helpful addition would be a way to prevent it from thinking the admin was an attacker. Everyday I get emails that *I* am attacking my own website.

    Thanks

  3. ampt
    Member
    Posted 1 year ago #

    It doesn't really do anything out of the box except log any requests which it *thinks* is an attack attempt. Things like alert emails and warning pages are not enabled by default.

    You should have a table in your database named mscr_intrusions. This is where everything is logged.

    The Mute Screamer settings page also has a number of other options that you can configure:
    WP-Admin -> Settings -> Mute Screamer

    To stop getting emails that you are attacking your own website you can do two things:

    1. Disable Mute Screamer in WP Admin entirely, on the Mute Screamer settings page uncheck the box "Enable Mute Screamer for the WordPress admin"

    2. Or you can exclude fields from the IDS by adding them to the exceptions list on the settings page.

    Here is the default list that Mute Screamer uses on a fresh install:

    REQUEST.permalink_structure
    POST.permalink_structure
    REQUEST.selection
    POST.selection
    REQUEST.content
    POST.content
    REQUEST.__utmz
    COOKIE.__utmz
    REQUEST.s_pers
    COOKIE.s_pers

    Those fields are the ones I have come across so far that have caused false positives in the WP Admin, so they are excluded by default.
    If you find that a particular field is reporting too many false positives then you can add it to the exceptions list.

    Note that if you add a field eg POST.my_field you will also need to add REQUEST.my_field
    This is becuase Mute Screamer checks the globals $_REQUEST, $_GET, $_POST, $_COOKIE and in that order

  4. ivanoats
    Member
    Posted 1 year ago #

    It seems like one should add Post.page and Post.comment (and requests) otherwise it has a lot of false positives.

  5. ampt
    Member
    Posted 1 year ago #

    As ivanoats pointed out there will be alot of false positives for those fields, these will be added to the defaults in the next release

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags