Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor redsand

    (@redsand)

    Hi remake,

    Thanks for taking the time to post this great review! Thank you!! 🙂 I’m glad to hear about the blocked XSS hack attempts. We’ve designed it to prevent a number of XSS-based attacks that work just like this one. It’s always great to hear real life examples of WP-SpamShield protecting a site not just from spam, but from certain hacks as well.

    Thank you for including the specific links as well. We weren’t aware of this specific WordPress vulnerability, but now it’s on our radar. It doesn’t surprise me though, as this isn’t the first time the plugin has protected its users from an unpatched WordPress vulnerability.

    Stay vigilant with your website security, my friend. Have a great week!

    – Scott

    Thread Starter remake

    (@remake)

    Hi Scott,

    I can only confirm again that it spared me a lot of work in bringing the site intact considering the posts which appeared later!

    I also have one question re. your plugin. I see that in most cases spam fails many tests you perform in your plugin. An example is:
    Failed Tests: [‘4’]
    Failed Test Codes: [‘R-COOKIE-3 R-JQHFT-3 R-FVFJS-3 R-JSONST-1000-3’]

    But in this particular XSS attempt there is only one:
    Failed Tests: [‘1’]
    Failed Test Codes: [‘COOKIE-1’]

    Does it mean that it’s been very close to breaking through? What if they manage to simulate the proper browser cookie behavior too?

    Regards
    Janusz

    Plugin Contributor redsand

    (@redsand)

    Hi Janusz,

    The first example you shared is a registration spam. With these, it works a bit differently than comment spam tests, and all tests are run at the same time, which is why you see several error codes. For comment spam tests, it has a very thorough gauntlet of tests, and the fastest tests are run first to ensure that it keeps your server running fast. So, only the first test it fails will show, not all of them. Don’t worry, they are not getting through. 🙂

    – Scott
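The two reporting behaviours Scott describes above, as an added illustration (not WP-SpamShield's code): the comment path runs the cheapest tests first and stops at the first failure, so the log shows one code; the registration path runs every test and reports all of them. The test names, costs and submission fields below are constructed assumptions.

```python
# Added example, not the plugin's code: models "fastest test first, stop at
# first failure" (comments) versus "run everything" (registrations).
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class SpamTest:
    code: str                        # code written to the log when the test fails
    cost: float                      # constructed relative cost; cheaper tests run first
    check: Callable[[Dict], bool]    # returns True when the submission passes


# Constructed checks: a real plugin derives these from the HTTP request.
def has_cookie(s: Dict) -> bool:
    return s.get("cookie") is not None


def has_js_token(s: Dict) -> bool:
    return s.get("js_token") is not None


def not_blacklisted(s: Dict) -> bool:
    return s.get("author_url", "") not in s.get("blacklist", ())


# Ordered by cost so the JS/cookie layer runs before the slower algorithmic layer.
GAUNTLET: List[SpamTest] = sorted(
    [
        SpamTest("COOKIE-1", 0.1, has_cookie),
        SpamTest("JSONST-1", 0.2, has_js_token),
        SpamTest("ALGO-BL-1", 5.0, not_blacklisted),
    ],
    key=lambda t: t.cost,
)


def run_comment_gauntlet(submission: Dict) -> Dict:
    """Comment path: stop at the first failure, so at most one code is logged."""
    for test in GAUNTLET:
        if not test.check(submission):
            return {"failed_tests": 1, "failed_test_codes": [test.code]}
    return {"failed_tests": 0, "failed_test_codes": []}


def run_registration_tests(submission: Dict) -> Dict:
    """Registration path: every test runs, and every failing code is logged."""
    codes = [t.code for t in GAUNTLET if not t.check(submission)]
    return {"failed_tests": len(codes), "failed_test_codes": codes}
```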

    Thread Starter remake

    (@remake)

    Hi Scott,

    I see. I will sleep less nervously from now on.

    Regards
    Janusz

    Plugin Contributor redsand

    (@redsand)

    Glad we can help! 🙂

    Thread Starter remake

    (@remake)

    Hi Scott,

    I’m sorry for bothering you but I have another query. WP-SpamShield blocked a comment which I’m sure wasn’t spam. Can you explain this please? Here is your log entry:
    *************************************************************************************
    ————————————————————————————-
    :: COMMENT BEGIN ::
    ————————————————————————————-
    Date/Time: [‘2015-11-26 (Thu) 11:50:25’]
    Comment Post ID: [‘4371’]
    Comment Post Title: [‘Red Butterflies’]
    Comment Post URL: [‘http://szmatkimalgorzatki.pl/red-butterflies/’]
    Comment Post Type: [‘post’]
    Post Allows Types: [‘comments’]
    Comment Type: [‘comment’]
    ————————————————————————————-
    Comment Author: [‘Karolina @ B-craft’]
    Comment Author Email: [‘karolina@b-craft.pl’]
    Comment Author URL: [‘http://www.b-craft.pl’]
    Comment Content:
    [‘comment_content_begin’]
    Jest piękna! Motyle przekładane motylami, przepiękna 🙂
    [‘comment_content_end’]
    ————————————————————————————-
    WPSSCID: [‘b00c25cfb19c3b02752294e09bc2b055’]
    WPSSCCID: [‘f02ef72a09ce899791c6c400fb498e70’]
    ————————————————————————————-
    User-Agent: [‘Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36’]
    IP Address: [‘79.184.227.131’] [‘http://ipaddressdata.com/79.184.227.131’]
    Reverse DNS: [‘adjt131.neoplus.adsl.tpnet.pl’]
    Reverse DNS IP: [‘79.184.227.131’]
    FCrDNS Verified: [‘[Verified]’]
    Proxy Info: [‘No Proxy’]
    Proxy Data: [‘79.184.227.131’]
    Proxy Status: [‘FALSE’]
    HTTP_VIA: [‘[None]’]
    HTTP_X_FORWARDED_FOR: [‘[None]’]
    HTTP_ACCEPT_LANGUAGE: [‘pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4’]
    HTTP_ACCEPT: [‘text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8’]
    HTTP_X_REQUESTED_WITH: [”]
    IS_AJAX: [‘FALSE’]
    IS_COMMENT: [‘TRUE’]
    URL: [‘http://szmatkimalgorzatki.pl/wp-comments-post.php’]
    Form Processor Ref: [‘http://szmatkimalgorzatki.pl/red-butterflies/’]
    JS Page Ref: [‘http://frame.bloglovin.com/?post=4633227401&group=0&frame_type=a&context=feed_all&context_ids=&blog=13457915&frame=1&click=0&user=0’]
    JSONST: [‘[None]’]
    ————————————————————————————-
    JS/C Processing Time: [‘0,000278 seconds’] Time for JS/Cookies Layer to test for spam
    Algo Processing Time: [‘0,126142 seconds’] Time for Algorithmic Layer to test for spam
    WPSS Processing Time: [‘0,126420 seconds’] Total time for WP-SpamShield to test for spam
    ————————————————————————————-
    Failed Tests: [‘1’]
    Failed Test Codes: [‘10500A-BL’]
    Spam Count: [‘4’]
    ————————————————————————————-
    Compatibility Mode: [‘OFF’]
    Caching: [‘OFF’]
    Debugging Data: [‘PHP MemLimit: 256M; WP MemLimit: 40M; Sessions: Enabled’]
    Site Server Name: [‘szmatkimalgorzatki.pl’]
    Site Server IP: [‘88.198.23.35’]
    ————————————————————————————-
    Active Plugins: [‘baw-login-logout-menu/bawllm.php, collapsing-archives/collapsArch.php, comment-reply-notification/comment-reply-notification.php, contact-form-plugin/contact_form.php, duplicate-theme/duplicate-theme.php, email-subscribers/email-subscribers.php, fast-category-cloud-wordpress-plugin/byrev_cat-cloud-widget.php, fast-category-cloud-wordpress-plugin/byrev_cat-cloud.php, google-analytics-for-wordpress/googleanalytics.php, image-widget/image-widget.php, image-zoom/image-zoom.php, photo-gallery/photo-gallery.php, post-specific-comments-widget/post-specific-comments-widget.php, pwaplusphp/pwaplusphp.php, recent-posts-widget-extended/rpwe.php, simplified-social-share/loginradius_simplified_social_share.php, wordpress-popular-posts/wordpress-popular-posts.php, wordpress-social-login/wp-social-login.php, wp-spamshield/wp-spamshield.php, wp-statistics/wp-statistics.php, wp-user-avatar/wp-user-avatar.php’]
    ————————————————————————————-
    WP-SpamShield/1.9.6.5 (WordPress/4.0.8) PHP/5.3.27 (Apache)
    Linux s6.linuxpl.com 3.2.71-grsec #1 SMP Tue Sep 1 12:00:21 CEST 2015 x86_64
    ————————————————————————————-
    :: COMMENT END ::
    ————————————————————————————-
    *************************************************************************************

    Regards
    Janusz

    Plugin Contributor redsand

    (@redsand)

    Hi Janusz,

    That comment was properly blocked. As it was submitted, that would qualify as spam. We will be happy to help with this, but any questions regarding this need to go through our support channel (not here as these are for reviews only), and we will answer by email. Please submit a support request at the WP-SpamShield Support Form. If you notice at the top of the log, and in the documentation, we ask users not to post log data in the WordPress forums:

    SECURITY NOTE: DO NOT POST THIS LOG TO WORDPRESS.ORG FORUMS! (Or any online forum)

    This is for your security, and for the privacy of your commenters. Thank you.

    – Scott

    Thread Starter remake

    (@remake)

    You’re right. I’m sorry for this security breach. Can we ask some kind of moderator here to remove the log part?

    Regards
    Janusz


The topic ‘Good for hijack crosss scripting too’ is closed to new replies.