Support » Plugin: Wordfence Security - Firewall & Malware Scan » Page not found errors (404) and possible XSS

  • I’ve been looking into 404’s on my site and have noticed a number of “broken links”. Many of these have a format of

    http://someweb.com/path/http:/

    When I look at the “see recent traffic” link in WordFence live I see something like:

    Time: 1 hour 45 mins ago — Mon, 06 Jul 15 22:05:04 +0000 — 1436220304.281063 in Unixtime
    Secs since last hit: 0.0000
    URL: Possible XSS code filtered out for your security
    Type: Page not found
    Full Browser ID: Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)
    Location: United States Sioux Falls, United States

    I can’t be positive, but I think that the /http:/ trailer on the url is left by Wordfence stripping off the possible XSS? Is that possible? Also, is there anyway to see the full url that WF is blocking due to the possible XSS? Also, if the request is OK (e.g. it looks like this particular url request might be coming from a Majestic bot) is there anyway to let it pass through?

    Thanks,
    Norm

    https://wordpress.org/plugins/wordfence/

  • The topic ‘Page not found errors (404) and possible XSS’ is closed to new replies.