WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Firewall 2
WP Firewall 2 misinterpreting GoDaddy SiteScan activity (2 posts)

  1. sdambrot
    Member
    Posted 2 years ago #

    The plugin treats said activity as SQL Injection, WP-specific SQL injection, Directory Traversal, etc. attacks. Moreover, it interprets the same scan routine differently every day, in all cases generating hundreds of email alerts. Since SiteScan uses dynamic IP, there's no way that I can see to proactively whitelist or otherwise prevent this behavior. Finally, I could get nowhere with the techs, since the plugin being compatible only up to WP 3.05 was sufficient for them to not investigate any further.

    THis is very problematic, since without a solution I have to decide between deleting the plugin, stopping all email alerts, or leaving things as they are - but none of these are acceptable.

    Any ideas?

    http://wordpress.org/extend/plugins/wordpress-firewall-2/

  2. kendawes
    Member
    Posted 2 years ago #

    I may be a bit late to your party...

    I had the same problem on some clients' sites and spent *many* hours tracking down the problem.... I finally did!

    GoDaddy sends out its own internal bots via its SiteScan - checking sites on their servers for vulnerabilities that could compromise the websites as well as the GoDaddy servers. These usually run late at night... I usually see it around 2-3am. Besides being a problem for Firewall 2, your site will come to a virtual screaming halt while it's being scanned.

    GoDaddy actually has a list of the IP addresses they use, and I found it!

    I have added a block to those IP addresses in the site .htaccess files and the problem disappears.

    Here's what I added...

    <Limit GET POST PUT>
     Order Allow,Deny
     Allow from all
    # IP addresses below deny GoDaddys website SiteScan
     Deny from 72.167.191.1
     Deny from 72.167.191.2
     Deny from 72.167.191.3
     Deny from 72.167.191.6
     Deny from 72.167.191.7
     Deny from 72.167.191.8
     Deny from 72.167.191.11
     Deny from 72.167.191.12
     Deny from 72.167.191.13
     Deny from 72.167.191.14
     Deny from 72.167.191.15
     Deny from 72.167.191.16
     Deny from 72.167.191.17
     Deny from 72.167.191.18
     Deny from 72.167.191.19
     Deny from 72.167.191.20
     Deny from 72.167.191.10
     Deny from 72.167.191.21
     Deny from 72.167.191.22
     Deny from 72.167.191.23
     Deny from 72.167.191.24
     Deny from 72.167.191.25
     Deny from 72.167.191.26
     Deny from 97.74.139.193
     Deny from 97.74.139.194
     Deny from 97.74.139.195
    </Limit>

    I hope this helps!
    Ken

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic