KC Admin area Monitor

Description

This plugin is for at least “middle techy” developers or site owners, as works with “too raw” info.

This plugin is a “security camera” only, passive registering tool, not a “guard”, active protection tool. Whitelisting blocks only messages to you, not the work of your site, theme and plugins.

When anybody sends a request to your WordPress dashboard, you will get a mail. There in mail will be all the info about this request: call stack, _REQUEST and _SERVER arrays, and a message from the plugin. Messages will be only two: “KCAM options saving” or “Alert”.

Note, it sends emails on EVERY request, include your activity in the admin area and saving his own options. That is because plugin can not recognise “you”. To not be flooded with emails, you must set the whitelist. Means, copy some unique string (in “Usage” section you will find examples) from the email you got from it, put in whitelist and you will not get emails that have this string inside.

In the screenshot I set (row by row) my IP, a marker from another tool of mine, my mobile user agent (as it can have lot of IPs, can not set them all), “action” from the logging plugin, several actions from intruders, all they mimic plugins I don’t run, so they are not menace for me, and finally, my server’s IP, sometimes wp_cron uses it.

Now I get only alerts about some plugins, that allow cracking, or when some intruders try some URLs, without to know the structure of my site. With that info I can do something to protect my site. I ban IPs of “most motivated” intruders, change plugins, even consult others what plugins to avoid and find viruses in other people computers just because they saw some pages on my site and viruses run scanning on the site right away, without their knowing.

Usage

The plugin sends emails like this:

_________REQUEST__________
!reauth! -> !1!
!redirect_to! -> !http://krumch.com/blog/wp-admin/!
_________Environment Variables__________ !DOCUMENT_ROOT! -> !/var/www/vhosts/krumch.com/httpdocs!
!FCGI_ROLE! -> !RESPONDER!
!GATEWAY_INTERFACE! -> !CGI/1.1!
!HTTP_ACCEPT! -> !*/*!
!HTTP_ACCEPT_CHARSET! -> !ISO-8859-1,utf-8;q=0.7,*;q=0.7!
!HTTP_ACCEPT_ENCODING! -> !gzip,deflate,identity!
!HTTP_ACCEPT_LANGUAGE! -> !en-us,en;q=0.5!
!HTTP_CACHE_CONTROL! -> !max-age=0!
!HTTP_CONNECTION! -> !close!
!HTTP_COOKIE! -> !PHPSESSID=4adii70f2r25e5s6ai1bh7m2b0!
!HTTP_HOST! -> !krumch.com!
!HTTP_USER_AGENT! -> !Mechanize/2.7.3 Ruby/1.9.3p551 (http://github.com/sparklemotion/mechanize/)!
!PATH! -> !/sbin:/usr/sbin:/bin:/usr/bin!
!PHP_SELF! -> !/blog/wp-login.php!
!PP_CUSTOM_PHP_INI! -> !/var/www/vhosts/krumch.com/etc/php.ini!
!QUERY_STRING! -> !redirect_to=http%3A%2F%2Fkrumch.com%2Fblog%2Fwp-admin%2F&reauth=1!
!REMOTE_ADDR! -> !23.88.121.52!
!REMOTE_PORT! -> !44030!
!REQUEST_METHOD! -> !GET!
!REQUEST_TIME! -> !1476619690!
!REQUEST_URI! -> !/blog/wp-login.php?redirect_to=http%3A%2F%2Fkrumch.com%2Fblog%2Fwp-admin%2F&reauth=1!
!SCRIPT_FILENAME! -> !/var/www/vhosts/krumch.com/httpdocs/blog/wp-login.php!
!SCRIPT_NAME! -> !/blog/wp-login.php!
!SERVER_ADDR! -> !50.62.142.159!
!SERVER_ADMIN! -> !server.elmarmaurer@yahoo.com!
!SERVER_NAME! -> !krumch.com!
!SERVER_PORT! -> !80!
!SERVER_PROTOCOL! -> !HTTP/1.1!
!SERVER_SIGNATURE! -> !Apache Server at krumch.com Port 80 !
!SERVER_SOFTWARE! -> !Apache!
_________MESSAGE__________ !
Alert

!

Looks scary? Nope, that is only the info of a HTTP request. Someone scans my site for some old bug… This is the full list of data, what the server knows about the request.

If you want to avoid emails like this, created by your activity on the site, you must set your IP in the whitelist. That is easy: copy the row:

!REMOTE_ADDR! -> !23.88.121.52!

Check if this is your IP (I use Infosniper or WhatIsMyIP). Then put in whitelist and you will not get email alerts for your activity. Do same for other admins in your site, if any.

If you want to stop alerts for the request, what have “reauth” parameter equal to “1”, grab this row:

!reauth! -> !1!

and put it in the whitelist. Note that there can be lot of requests with this parameter, and this will hide all of them.

This way you create your whitelist (each string/rule alone on a row). Set unique strings for each action you want to skip the alert, to be sure you will mute the exactly action you know that is not a problem for your site. Avoid HTML tags – they will be deleted. Please check my own settings at “Screenshot” tab bellow.

If you do a mistake, save wrong row or so, you won’t do any harm on your site. All the requests will be executed, not suspended, in any case. This plugin is a “security camera” only, passive registering tool, not a “guard”, active protection tool. You block only messages to you, not the work of your site, theme and plugins. It will work well with any plugin, include your security plugins. Actually, you can check how well works your security plugins, using this tool.

Screenshots

  • Admin area

Installation

Nothing special, just a generic installation. You must set it in admin area, please find a new row “KC Admin Monitor” in “Settings” menu. Fill the “whitelist”. See detailed description about that in next chapter.

FAQ

No questions, so far. Ask me, I will answer.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“KC Admin area Monitor” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

2016.06.02

  • Released as the very first version