WordPress.org

Support

Support » Plugins and Hacks » [Plugin: WordPress Firewall 2] SQL Injection Attack from… The White House?! So Says WP Firewall

[Plugin: WordPress Firewall 2] SQL Injection Attack from… The White House?! So Says WP Firewall

  • mrsmecomber
    Member

    @mrsmecomber

    Hey! This is my first time in the forums. LOVE the plugin.

    I often get emails telling me that WP-F has detected and blocked a possible SQL Injection attack. Sometimes I check up on the IPs, sometimes I don’t. This time I did. The results are baffling:

    Web Page: newyorktraveler.net/
    Warning: URL may contain dangerous content!
    Offending IP: 198.137.241.197 [ Get IP location ]

    Offending Parameter: __gads = ID=2d61acce4548d02d:T=1345045601:S=ALNI_MZqjTInnSGUl1dgHIfY1c371-0xDA

    I looked up the IP, and its the White House. Of the President of the United States….

    HUH?

    Anybody got any ideas? Is this a spoofed IP address or is the White House really attacking my website! :S

    I’m also a little alarmed that it says that the main URL of my site may contain malicious content. My server and blogs were severely hacked a few months ago so I’m very jumpy. Please help, anyone! Thanks

    http://wordpress.org/extend/plugins/wordpress-firewall-2/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hello

    First: Welcome 😉
    Second: WP Firewall 2 is known for good job but less for its own security flaws (XSS, XSRF).
    Third: 99%, this is a spoofed IP 😉
    Fourth: I’m Web Security Consultant, maybe you can trust in me 🙂

    See you !

    Wordfence
    Participant

    @mmaunder

    Hi,

    This question was also posted on our forums and I replied here:

    http://www.wordfence.com/forums/topic/sql-injection-attack-from-198-137-241-197/

    The IP does, at least to me, appear to come from the executive office of POTUS.

    I’d love to learn more if anyone has any additional data on that particular IP?

    Regards,

    Mark.

    mrsmecomber
    Member

    @mrsmecomber

    Thanks for your replies.

    Yes, the POTUS IP is very …. interesting. I’m eager to see if others have gotten the same thing.

    mrsmecomber
    Member

    @mrsmecomber

    Also, the visit seemed attack-y. The Firewall plugin sent me about 100, 150 emails about the attack all from the same IP within a period of 2 minutes or so.

    Just plain weird. Wonder what it is??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: WordPress Firewall 2] SQL Injection Attack from… The White House?! So Says WP Firewall’ is closed to new replies.