Firewall in learning mode learned to whitelist hacking scripts

  • Resolved Storycrafter

    (@storycrafter)


    8 years ago

    I installed the beta some time ago, and during the learning mode, it appears that the firewall added a full run of an attack script to the white list.

    This wouldn’t be a problem, except that to remove the several dozen whitelist entries is quite tedious. There appears to be no bulk action available, so every whitelist row removal requires about 3 clicks (a button click, 2 dialog dismissal clicks).

    Please add bulk operations on your whitelist management interface.

    https://wordpress.org/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter Storycrafter

    (@storycrafter)

    8 years ago

    Also, it just occurs to me that almost 100% of these should have resulted in 404s. Seems like that’s a defect to whitelist a URL that responds 404.

    Sue

    (@suelaren)

    8 years ago

    I just installed the Firewall and in less than 24 hours I have two sites that each have 48 entries in the “Whitelist” – all from the same IP, two completely different servers, all fake google bot – and as you said, it’s tedious to remove each entry one by one – see my post detailing this same issue – https://wordpress.org/support/topic/whitelisted-in-learning-mode-overwhelming

    Please implement Select All or at least multi-select actions!!!

    Plugin Author WFMattR

    (@wfmattr)

    8 years ago

    Hi,

    Thanks for reaching out. We will be adding bulk operations in an upcoming release.

    I’ve also sent a request to the dev team to evaluate if we can skip whitelisting during Learning Mode when the request hits a 404 page. It sounds possible and could be useful.

    -Matt R

    gocozumel

    (@gocozumel)

    8 years ago

    In the learning mode I have a whitelist that has been added from IP
    38.95.106.70 I have not added anything. Should I delete this whitelisted IP?

    Plugin Author WFMattR

    (@wfmattr)

    8 years ago

    Hi,

    Just to follow up, the whitelist bulk editing and preventing whitelisting of hits causing 404s were included in the 6.1.4, the latest release. Thanks for the suggestions.

    @gocozumel: It depends on what the whitelist entry is — you can make a new post using the form at the bottom of the Wordfence forum here, and include the details of what appears on the whitelist, so we can check it out.

    Thanks!

    -Matt R

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Firewall in learning mode learned to whitelist hacking scripts’ is closed to new replies.