• Resolved mountainguy2

    (@mountainguy2)


    Just a PSA for everyone, perhaps will help.

    I’m not sure why none of my security software solutions, including Wordfence, by default catch these clearly criminal scans I’m getting over and over again, such as website-url/wp/v2/posts/?per_page=100

Sucuri explains what they are:
    https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

    Yet another security hole gift from WordPress. I’m so over it but I’m stuck with it.

I blocked something like
/wp/v2/* and /*/wp/v2/*

in my WF Options/Immediately-Block-URLs

    But I wish I didn’t have to keep taking the time to block these obvious exploit attempts.

    MTN
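One way to see how much of this traffic a site is actually getting before deciding what to block, as an added example that is not code from the thread or from Wordfence: a small access-log scanner that counts requests into the wp/v2 REST namespace per client IP and separately flags bulk collection requests like the one in the post. It assumes the Apache/nginx "combined" log format and treats three request shapes as the same thing: the bare /wp/v2/ path the post shows, the usual /wp-json/wp/v2/ prefix, and the non-pretty-permalink ?rest_route=/wp/v2/ form. The sample log lines are constructed.

```python
"""Count and flag WordPress wp/v2 REST API probes in an access log.

Added example, not code from the thread or from Wordfence. Assumes the
Apache/nginx combined log format; the sample lines below are constructed.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# combined format: ip ident user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The wp/v2 namespace anywhere in the path, i.e. both the /wp/v2/* and the
# /*/wp/v2/* patterns the post blocks in Wordfence.
REST_PATH_RE = re.compile(r'(^|/)wp/v2/', re.IGNORECASE)


def is_rest_v2_request(target):
    """True if the request target addresses the wp/v2 REST namespace."""
    parts = urlsplit(target)
    if REST_PATH_RE.search(parts.path):
        return True
    # Sites without pretty permalinks expose the API as /?rest_route=/wp/v2/...
    for route in parse_qs(parts.query).get("rest_route", []):
        if REST_PATH_RE.search(route):
            return True
    return False


def per_page_requested(target):
    """Return the per_page query value as an int, or None if absent/invalid."""
    values = parse_qs(urlsplit(target).query).get("per_page")
    if not values:
        return None
    try:
        return int(values[0])
    except ValueError:
        return None


def scan_log(lines, per_page_threshold=50):
    """Return ({ip: wp/v2 hit count}, [(ip, target)] flagged as bulk enumeration).

    A request is flagged when it asks for per_page at or above the threshold;
    100 is the largest page size the posts endpoint accepts, so a scanner
    asking for exactly that is pulling content as fast as the API allows.
    """
    hits = Counter()
    enumeration = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = m.group("target")
        if not is_rest_v2_request(target):
            continue
        ip = m.group("ip")
        hits[ip] += 1
        pp = per_page_requested(target)
        if pp is not None and pp >= per_page_threshold:
            enumeration.append((ip, target))
    return hits, enumeration


# Constructed sample log: one scanner trying all three URL forms, one ordinary
# client paging normally, and one unrelated request plus a /*/wp/v2/* path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2017:04:12:01 +0000] "GET /wp/v2/posts/?per_page=100 HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2017:04:12:02 +0000] "GET /wp-json/wp/v2/posts?per_page=100 HTTP/1.1" 200 98765 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2017:04:12:03 +0000] "GET /?rest_route=/wp/v2/posts&per_page=100 HTTP/1.1" 200 98765 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2017:04:15:10 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 4321 "https://example.com/" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2017:04:16:00 +0000] "GET /blog/2017/03/hello-world/ HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2017:04:16:01 +0000] "GET /wp-content/uploads/wp/v2/ HTTP/1.1" 404 200 "-" "curl/7.5"
"""


if __name__ == "__main__":
    hits, enumeration = scan_log(SAMPLE_LOG.splitlines())
    for ip, n in hits.most_common():
        print(f"{ip}: {n} wp/v2 request(s)")
    for ip, target in enumeration:
        print(f"bulk enumeration from {ip}: {target}")
```

Run against a real log this shows which hosts are hammering the namespace and which are ordinary clients that happen to page through the API, which matters because the REST API is used by legitimate site features too; that is the reason the reply below gives for not blocking the whole namespace by default, and it is the trade-off to weigh before copying the /wp/v2/* block rules from the post.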

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @mountainguy2,

    Indeed this could be an attempt to exploit the WordPress content injection vulnerability via the REST API.

Although the issue was fixed in version 4.7.2 and most WordPress users should have an up-to-date version, there are most likely many WordPress sites still running that problematic version, hence the attempts.

Unfortunately, we can’t block the whole REST API for all of our users automatically, as this could have consequences on many sites.

    At this stage, the actions you took are the most effective thing to do.

    Thread Starter mountainguy2

    (@mountainguy2)

Thanks, appreciate you chiming in! Leading to a feature request: what you guys perhaps need is an ongoing check-box list of this sort of stuff in WF Firewall. That way users such as myself could optionally opt out of WordPress components (I hesitate to call them “features”) that we find to be useless bot targets.

Also, perhaps blocking this farther up the chain would cause less server load; I’ll try blocking in ModSecurity at “server level.”

    MTN


    Thanks for the suggestions, @mountainguy2.

    I’ll pass them on to our development team.

  • The topic ‘Bot scans for things like website-url/wp/v2/posts/?per_page=100’ is closed to new replies.