• Resolved jswann

    (@jswann)


    Hello,

    I set up NinjaFirewall as WordPress WAF mode yesterday, but on log-out was locked out of my site. My host disabled the plugin and I could get in this morning; however, it’s happened once more.

    I would like to continue to use this firewall, but could you please let me know how to avoid this?

    Thanks a lot,

    James

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

    Can you download the firewall’s log located in /wp-content/nfwlog/firewall_2017-03.php and paste it on http://pastebin.com/ ?
    Make sure to select “Paste Expiration = 1 day” and “Paste Exposure = unlisted” and that you remove your domain name and user login name, if any, from it.

    • This reply was modified 7 years, 1 month ago by nintechnet.
    Thread Starter jswann

    (@jswann)

    Hi,

    Thank you very much for the quick reply, I appreciate that.

    My hosting company will need to disable the plugin, as I can’t currently log in, so I can go ahead with your instructions.

    I look forward to being in touch.

    Best regards,

    James

    Thread Starter jswann

    (@jswann)

    Hi,

    I’ve looked through the files via cPanel at my hosting company, but don’t seem to see that specific one.

    The path I take is: document root for my website domain – WP-content folder – plugins – ninjafirewall1.

    ninjafirewall1 contains: images, languages, lib folders and a number of files, followed by files and folders within each of the aforementioned folders.

    The term “log” appears in the following files along the paths indicated:

    images folder – screenshots folder – files 10_log.png, 12_centlog.png
    lib folder – fw_centlog.php, fw_livelog.php, nf_sub_livelog.php, nf_sub_log.php

    Could you please let me know how best to proceed.

    Thanks a lot,

    James

    Thread Starter jswann

    (@jswann)

    Hi again,

    I got help from the hosting company, have found the file and followed your instructions.

    I look forward to hearing from you at your convenience.

    Best,

    James

    Plugin Author nintechnet

    (@nintechnet)

    Please post the link to that file.

    Thread Starter jswann

    (@jswann)

    Here it is, excuse me, I didn’t know the programme and so realise you needed it posted here. Thank you for your help.

    http://pastebin.com/20m9DUfA

    Plugin Author nintechnet

    (@nintechnet)

    You have a cookie that contains the NULL byte character (0x00). That’s very odd and unusual.

    You can log in to WordPress using another browser (or delete your cookies first), then go to “NinjaFirewall > Firewall Policies > Various > Block ASCII character 0x00 (NULL byte)” and select “No”. Then, scroll down to the bottom of the page and click “Save Firewall Policies”.

    Thread Starter jswann

    (@jswann)

    Good morning,

    That seems to have worked – thank you very much for taking the time to help.

    You note the NULL byte character (0x00) cookie as very odd and unusual. May I ask, are there any issues it would be good to be aware of?

    Best,

    James

    Plugin Author nintechnet

    (@nintechnet)

    The cookie is related to “themify” (I’m not familiar with this product). The NULL byte character is usually blocked by Web Application Firewalls when it is found inside a user input (GET, POST, cookie, user-agent, etc.) because there aren’t a lot of reasons to use it, except in a few cases such as in binary files, etc.
    Here is some more info: http://resources.infosecinstitute.com/null-byte-injection-php/

    • This reply was modified 7 years, 1 month ago by nintechnet.
    Thread Starter jswann

    (@jswann)

    Thank you very much for that, a real help. I’ll speak with Themify.

    Best regards,

    James

  • The topic ‘NinjaFirewall locks me out of my site with 403 forbidden message’ is closed to new replies.