Question about blocking hacking attempts

  • Resolved tomdkat

    (@tomdkat)


    8 years, 11 months ago

    Hi! I run NinjaFirewall 3.5 with WordFence 6.3.9. This morning, I found this entry in the firewall log:

    30/May/17 00:43:09 #5890973 high 310 212.63.130.158 GET /blog/wp-admin/setup-config.php - Access to a configuration file - [SERVER:SCRIPT_NAME = /blog/wp-admin/setup-config.php] - {mysite}.com

    I understand that to mean NinjaFirewall blocked that request, due to rule #310 being violated. However, I also noticed Wordfence also logged the same request being blocked by its request blocking ability.

    I thought NinjaFirewall would have blocked the request before Wordfence even saw it. What am I missing here? I’m sure I don’t understand something. 🙂

    Thanks in advance!

    Peace…

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    8 years, 11 months ago

    Hi,

    Yes, that’s odd. When it blocks a request, there is no way another plugin can inherit it.
    Can you make sure that your INI file loads NinjaFirewall first? It looks like it is not the case here.

    Thread Starter tomdkat

    (@tomdkat)

    8 years, 11 months ago

    Thanks for the reply. In my hosting environment, I have to use a custom INI file to allow NinjaFirewall to work. I just looked at it and the NinjaFirewall entry is the ONLY entry, in the custom INI file.

    So, I’m not sure what’s going on there. If nothing else, I’ll have two lines of defense blocking the same kind of threat. 🙂

    Thanks!

    Peace…

    Plugin Author nintechnet

    (@nintechnet)

    8 years, 11 months ago

    You can try this:
    1. Log out of WordPress.
    2. Go to http://[your-blog]/index.php?ninjatest=%00
    3. Check both firewall logs to see which plugin blocked it.

    Thread Starter tomdkat

    (@tomdkat)

    8 years, 11 months ago

    Thanks! I just conducted that test and here are the results:

    NinjaFirewall blocked it:

    Sorry {my IP address}, your request cannot be proceeded.
    For security reason, it was blocked and logged.

    [NinjaFirewall]

    If you think that was a mistake, please contact the
    webmaster and enclose the following incident ID:

    Wordfence has NO record of that URL being accessed at all.

    Peace…

    Plugin Author nintechnet

    (@nintechnet)

    8 years, 11 months ago

    Everything is fine, NinjaFirewall’s working as expected.

    Thread Starter tomdkat

    (@tomdkat)

    8 years, 11 months ago

    Thanks!

    Peace…

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Question about blocking hacking attempts’ is closed to new replies.