WordPress Firewall 2
SQL Injection Attack from... The White House?! So Says WP Firewall (5 posts)

  1. mrsmecomber
    Member
    Posted 2 years ago #

    Hey! This is my first time in the forums. LOVE the plugin.

    I often get emails telling me that WP-F has detected and blocked a possible SQL Injection attack. Sometimes I check up on the IPs, sometimes I don’t. This time I did. The results are baffling:

    Web Page: newyorktraveler.net/
    Warning: URL may contain dangerous content!
    Offending IP: 198.137.241.197 [ Get IP location ]

    Offending Parameter: __gads = ID=2d61acce4548d02d:T=1345045601:S=ALNI_MZqjTInnSGUl1dgHIfY1c371-0xDA

    I looked up the IP, and it's the White House. Of the President of the United States….

    HUH?

    Anybody got any ideas? Is this a spoofed IP address or is the White House really attacking my website! :S

    I’m also a little alarmed that it says that the main URL of my site may contain malicious content. My server and blogs were severely hacked a few months ago so I’m very jumpy. Please help, anyone! Thanks

    http://wordpress.org/extend/plugins/wordpress-firewall-2/

  2. Julio Potier
    Member
    Posted 2 years ago #

    Hello

    First: Welcome ;)
    Second: WP Firewall 2 is known for doing a good job, but less for its own security flaws (XSS, XSRF).
    Third: 99%, this is a spoofed IP ;)
    Fourth: I'm a Web Security Consultant, maybe you can trust me :)

    See you !

  3. Wordfence
    Member
    Posted 2 years ago #

    Hi,

    This question was also posted on our forums and I replied here:

    http://www.wordfence.com/forums/topic/sql-injection-attack-from-198-137-241-197/

    The IP does, at least to me, appear to come from the executive office of POTUS.

    I'd love to learn more if anyone has any additional data on that particular IP?

    Regards,

    Mark.

  4. mrsmecomber
    Member
    Posted 2 years ago #

    Thanks for your replies.

    Yes, the POTUS IP is very .... interesting. I'm eager to see if others have gotten the same thing.

  5. mrsmecomber
    Member
    Posted 2 years ago #

    Also, the visit seemed attack-y. The Firewall plugin sent me about 100, 150 emails about the attack all from the same IP within a period of 2 minutes or so.

    Just plain weird. Wonder what it is??

This topic has been closed to new replies.