Daily Activity Report ~ Now Missing All Blocking Data

  • Resolved boutiquelife

    (@boutiquelife)


    5 years, 11 months ago

    Wordfence is a classy plugin that serves faithfully and well . . and we are nowadays ‘healthy’ co-dependent .

    On May 16th we, reluctantly, deactivated WF while debugging (a non-pernicious yet persistent and pesky Woo back-end visual layout display bug ~ https://wordpress.org/support/topic/orders-admin-dashboard-table-display-misaligned/) and confirmed WF is, indeed, inoffensive . We, immediately, reactivated WF and keeping calm, carried on . Before reactivation and while confirming what if any difference the absence of WF made to the described issue we purged all cache (litespeed and claoudflare) .

    On May 17th (and ever since) the daily activity report shows no attack and blocking data . WF is active and fully operational . Yet looking at live traffic filtered to show only bad actors and their data who were blocked by WF we see no new data since reactivation . Hmm . For sure we are under constant attack but have no fresh data to confirm that fact . Scanning recent threads we observe the ‘drama’ of cloudflare rocket loader and WF live traffic incompatibility and report that we, always, have and continue to have coudflare rocket loader option: Off .

    WF diagnostics are five-by-five, thank you . . and error logs are empty of anything anywhere the dates mentioned above and last entry is January 2018 (to do with cloudflare) . Logs available as you may require .

    Thus we are trusting that WF is performant and look forward to the return of blocked data in our daily activity report in the incoming nearer future .

    PHP 7.2.5 / WordPress 4.9.6 (latest) / WordFence 7.1.4 (latest) / Shopkeeper theme 2.5.1 (latest).

    Mean-time and for now,
    Much appreciated . . much obliged . .
    Yours sincerely,
    Stuart .

    PS. We will, of course, update you with any fresh news and improvement(s) to the describes situation. Thank you .

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support wfphil

    (@wfphil)

    5 years, 11 months ago

    Hi,

    What you can do as a test is to generate a firewall block yourself and send a test activity report to see if your firewall block is the listed in the “Recently Blocked Attacks” section of the activity report.

    Load this URL below, replacing example.com with your domain name:

    example.com/?something=<script></script>

    You should see a page that says:

    403 Forbidden
    A potentially unsafe operation has been detected in your request to this site.

    Now expand the “Other Tests” section on the “Diagnostics” tab on the “Tools” page.

    Enter your email into the option “Send a test activity report email“.

    You should see the firewall block you generated in the “Recently Blocked Attacks” section of the report. The block data will contain:

    Blocked for XSS: Cross Site Scripting in query string: something=<script></script>

    Please let me know how it proceeds.

    Thank you.

    Thread Starter boutiquelife

    (@boutiquelife)

    5 years, 11 months ago

    Hello,

    Thank you for your inquiring assist .

    Our apology for the delayed response .

    We have, just, executed your instructions .

    We report that you are correct and that we indeed have the proper info in the proper panels of the daily activity report sent to our usual receiving email address .

    And that new info is also showing in the (administrator back-end) plugin Wordfence Firewall option, and dashboard widget, information panels too .

    So we, confidently, deduce that Wordfence is continuing to operate normally and within established parameters .

    And so we are wondering where the larger share is of the attack blocking data currently unreported .

    Thank you for your successful guidance to date .

    We, patiently, await your further advice .

    Mean-time and for now,
    Much appreciated . . much obliged . .
    Yours sincerely,
    Stuart .

    Plugin Support wfphil

    (@wfphil)

    5 years, 11 months ago

    Hi,

    Thank you for the update that the firewall is working and that the activity report contains the block you generated.

    You can open the “All Options” page.

    Expand the “Advanced Firewall Options” section and check that all firewall rules are enabled.

    Expand the “Rate Limiting” section and check the the option “Enable Rate Limiting and Advanced Blocking” is enabled.

    If your options all look okay then as the firewall is working any your test block was reported then it appears that your site has not been under attack recently.

    Thank you.

    Thread Starter boutiquelife

    (@boutiquelife)

    5 years, 10 months ago

    Hello,

    Thank you for your last .

    Update . .

    We confirm the WF settings for AFW and ‘Rate Limiting’ described by you are and were already configured, thank you .

    A most recent change to a specific Wordfence file is documented and reported by the, daily, back-up service in-use at our domain, and for June 3 .

    /wp-content/wflogs/attack-data.php

    Browsing recent back-up reports shows that file to being less commonly changed (i.e. we are without any record of any previous change going back a ways And we are able to make a deeper dive, on your request, to confirm any change dates for the file attack-data.php over the period, e.g., since May 17) .

    That back-up service change notification (June 3) is, immediately, followed by the latest daily WF attack report (June 3) showing fresh, repeated, attacks from a usual and previously detailed, to us, bad actor origination (Ukraine / UA) .

    The immediately previous, June 2, and earlier until May 17 ~ as mentioned in the above posts ~ daily WF attack report shows no attack(s) . Yet earlier, daily WF attack reports, than May 17 consistently delivered several many attacks each and every day .

    We will report again if new and additional attack data, again, appear(s) on the incoming daily WF attack reports . . seemingly indicating a return to usual behaviour, for whatever reason(s) .

    Thank you .

    Mean-time and for now,
    Much appreciated . . much obliged . .
    Yours sincerely,
    Stuart .

    Thread Starter boutiquelife

    (@boutiquelife)

    5 years, 10 months ago

    Hello again,

    Well nope . . no new attacks today . . while todays WF attack report does show the previous days attacks which matches yesterday’s WF attack report content .

    Otherwise nothing new or else to report .

    Gonna go figure .

    And thank you for your assist .

    Mean-time and for now,
    Much appreciated . . much obliged . .
    Yours sincerely,
    Stuart .

    Plugin Support wfphil

    (@wfphil)

    5 years, 10 months ago

    Hi,

    Can you forward the activity reports you mentioned please – the one with no blocks and the other activity with blocks so that we can look at the reports please. Forward to phil [at] wordfence [dot] com.

    Thank you.

    Thread Starter boutiquelife

    (@boutiquelife)

    5 years, 10 months ago

    Hello,

    Shall do .

    Standby, please, for incoming email .

    And thank you for your interest .

    Mean-time and for now,
    Much appreciated . . much obliged . .
    Yours sincerely,
    Stuart .

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Daily Activity Report ~ Now Missing All Blocking Data’ is closed to new replies.