WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Firewall 2
Google images and Yahoo images causing false positives (8 posts)

  1. Andrew Laws
    Member
    Posted 2 years ago #

    I'm getting bursts of what appear to be false-positives that appear be something to do with Google and Yahoo images, here's a typical alert email:

    Offending Parameter:  	SnapABugRef = http://www.universalconvertingequipment.com/slitter-rewinder-machines http://search.yahoo.com/search;_ylt=A0oG7jhZA6xP7zcAQHJXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzEEZnIDeWZwLXQtNzAxBGhvc3RwdmlkAzFxcDdBVW9HN3Y0bC55WTdUMURJWHd1ZHJUdEw0MC5zQTFrQUR0X1cEbl9ncHMDMTAEbl92cHMDMARvcmlnaW4Dc3JwBHF1ZXJ5A3NsaXR0ZXIgcmV3aW5kZXIEc2FvAzIEdnRlc3RpZANINDY1?p=slitter+rewinder&fr2=sb-top&fr=yfp-t-701
    
    This may be a "WordPress-Specific SQL Injection Attack."

    I've had a look around this forum and can't find mention of anyone else having this problem. I'm reluctant to switch off detection of this type of attack.

    http://wordpress.org/extend/plugins/wordpress-firewall-2/

  2. llworldtour
    Member
    Posted 2 years ago #

    I'm also getting false positives for an image when people search for it on Google. And I am unable to white list and get the page saying I don't "have permissions." Help! Ready to deactivate...

  3. flashbuddy
    Member
    Posted 2 years ago #

    The plugin developer, Pavy, reported eight months ago:

    I understand everyone's frustration with this issue. Please understand that my full-time job must come before this, as well as many other things.

    I do fully intend to update WordPress Firewall 2 as soon as possible. I've had some fixes and a few new features already done, literally for months now. I know I said it would be much, much sooner; I know a lot of time has gone by. Regardless of how much I can get done in the next 1-2 weeks, I will release an update, so you all can see at least some progress.

    Please continue to report issues - I do check this forum, I am aware of the most annoying problems, and I do intend to have at least the serialize/unserialize issue fixed in this update.

    A final note, the serialize/unserialize errors are not fatal errors. WF2 will continue to operate, even when encountering these errors. If you have WF2 installed, even if you get these errors, the plugin is still protecting your site.

  4. Andrew Laws
    Member
    Posted 2 years ago #

    I'm now getting false positives by the hundred from google adwords referrals to the site, which is a real shame. Does anyone know how to hack the code to add exceptions?

  5. WP Monkey
    Member
    Posted 2 years ago #

    I am getting similar on two of my live commercial sites and all the images on them were blocked.

    Pavy - I realize that you have a full-time job, but 63,400+ people have downloaded your plugin and if there is an error in it that is blocking media files needlessly then I would consider this a priority problem.

    I tried whitelisting the variable as per the link in the false alert email, but then I get a "You do not have sufficient permissions to access this page." error. I've also tried whitelisting the variable manually based on the information in the email, but ultimately what worked was turning off the filter that created the false alerts (SQL queries) which is a concerning fix.

    Again, I got a phone call from a client who received several call from her client because images were down on the live site, so this is not good.

  6. Andrew Laws
    Member
    Posted 2 years ago #

    Things got a bit worse here, I'm reasonably sure that this firewall was misinterpreting the traffic from our Google Adwords adverts as being attacks, which means we were paying for traffic that wasn't able to see our site!

    I've given up on it and moved to http://wordpress.org/extend/plugins/wordfence/

  7. Treebeard
    Member
    Posted 2 years ago #

    I second that notion! I'm working on deleting this for an associate, she installed this plugin and now I can't even access her blog at all, so it blocked me (and who knows how many others) from accessing a huge part of her website. That means that it's pulling IP addresses out of nowhere, because I haven't searched for any images on her site, but the email shows a similar link to an image, like the one you pasted above (from Google image results). I think this plugin still needs a LOT of work before it can be reliable.

  8. Treebeard
    Member
    Posted 2 years ago #

    Just an FYI, after you deactivate and delete the plugin, you still have to go into the database and manually delete 18 database tables...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic